Cyber-security researchers at NordPass have published the results of a study on what kind of user-data is available online. Overall, the researchers found 9,517 unsecured databases containing 10,463,315,645 entries, which included such data as emails, passwords and phone numbers. The exposed databases are from 20 different countries, including India, China and the US. The report comes just days after new data from an US think tank suggested that India is third-biggest victim of ‘significant’ cyber-attacks this millennium.
China tops the list with 3794 unsecured databases exposing private details of up to 2,629,383,174 people. The United States comes second, with 2,703 unsecured databases and nearly 2,397,583,255 entries available online. India is third on the list, with the researchers spotting at least 520 unsecured databases in the country. These databases contain 4,878,723 entries, including emails, passwords and phone numbers.
While some of this data might be useless and only used for testing, much of it could be damaging if exposed. Some of the largest data leaks over the last year resulted from exposed databases. For example, millions of Facebook records were exposed on a public Amazon server. In another incident, an unsecured database exposed information of 80 million US households. The data included victims’ addresses, income and marital status. The most worrying part is that this data was not leaked by a persevering hacker. It was simply sitting there in a public database.
NordPass says it teamed-up with a white hat hacker for its research on exposed databases. The hacker, who requested to stay anonymous, scanned elasticsearch and mongoDB libraries, looking for exposed, unprotected databases. Once found, he logged into those public databases and checked what kind of data could be found there. He then shared with NordPass how many exposed databases and entries he had found.