A threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum, following a data breach the company suffered in September. RedDoorz is a Singapore-based hotel management and booking platform with over 1,000 properties across Southeast Asia.
The good news is that RedDoorz appears to have used a secure hashing algorithm, bcrypt, to protect user passwords in the stolen database. Secure hashing algorithms like bcrypt make it much harder for attackers to crack user passwords, but they aren’t a silver bullet. Although bcrypt makes cracking passwords much slower, simple and short passwords can still be cracked relatively quickly.
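How much bcrypt slows guessing depends on the cost factor recorded in each stored hash, so a defender can audit a user table for hashes that should be upgraded. The sketch below is an added example, not RedDoorz code or anything from the article; the policy floor of 12, the function names and the sample rows are assumptions constructed for illustration.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST = 12  # assumed policy floor for this example, not a figure from the article


def parse_bcrypt(stored):
    """Return (variant, cost) for a well-formed bcrypt string, else None."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # bcrypt only defines cost values 4..31
        return None
    return m.group(1), cost


def audit(records, min_cost=MIN_COST):
    """Classify each (user, stored_hash) pair as ok / rehash / not-bcrypt."""
    findings = []
    for user, stored in records:
        parsed = parse_bcrypt(stored)
        if parsed is None:
            # Anything that is not bcrypt needs separate review (legacy scheme?).
            findings.append((user, "not-bcrypt", None))
            continue
        _, cost = parsed
        # bcrypt runs 2**cost key-setup rounds, so a hash at cost c is
        # 2**(min_cost - c) times cheaper to guess against than one at the floor.
        status = "ok" if cost >= min_cost else "rehash"
        findings.append((user, status, 2 ** max(min_cost - cost, 0)))
    return findings


# Constructed sample rows: placeholder salt/digest characters, not real hashes.
SAMPLE = [
    ("alice", "$2b$12$" + "A" * 22 + "b" * 31),
    ("bob", "$2a$08$" + "C" * 22 + "d" * 31),
    ("carol", "0123456789abcdef" * 2),  # 32 hex chars, shaped like an unsalted digest
]

if __name__ == "__main__":
    for user, status, factor in audit(SAMPLE):
        print(user, status, factor)
```

Rows flagged `rehash` can only be upgraded at the user's next successful login, since the plaintext is needed to compute a hash at the higher cost.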
The attackers have apparently stolen RedDoorz’s complete database, which suggests that the most likely attack methods were insecure configuration or storage of the database, or a web attack such as SQL injection. Insecure configuration or storage often happens when developers who aren’t familiar with security best practices inadvertently expose databases, especially in cloud services.
To protect themselves, organizations must adopt a culture of security in which software development processes are tightly integrated with security operations, so that proper security protections are in place not only for the developers’ code but also for the underlying systems and applications that it runs on.