Millions of MySQL servers discovered online – is yours one of them?


Millions of MySQL servers were recently discovered to be publicly exposed to the Internet on the default port, researchers found.

The nonprofit security organization, The ShadowServer Foundation, discovered that a total of 3.6 million servers are configured in such a way that they can easily be targeted by threat actors.

Of the 3.6 million servers, 2.3 million are connected via IPv4 and 1.3 million via IPv6. They all use the default TCP port 3306.

“Although we do not verify the level of possible access or exposure of specific databases, this type of exposure is a potential attack surface that should be closed,” explained the nonprofit organization in a press release.

Misconfigurations Lead to Data Compromise

Most of the servers are in the United States (over 1.2 million), with China, Germany, Singapore, the Netherlands, and Poland also hosting a significant number of servers.

Internet-connected servers are a major pillar of today’s business, as they enable web services and applications to operate remotely. But misconfigured servers are one of the most common errors that lead to data loss: many ransomware attacks and Remote Access Trojan (RAT) deployments have started with a misconfigured database.

Researchers have put a lot of emphasis on the need to properly secure databases, which includes strict usage policies, changing and monitoring ports, enabling binary logging, closely monitoring queries, and encryption of all data, BleepingComputer notes in its report.
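To check your own server against the exposure described above, the following added example (not from the article, ShadowServer, or BleepingComputer) audits the `[mysqld]` section of an option file for a public listener on port 3306, TLS that is not enforced, and disabled binary logging. The MySQL option names (`bind_address`, `skip_networking`, `require_secure_transport`, `skip-log-bin`) are not named in the article, and the sample file and finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample option file (not taken from the article).
SAMPLE = """\
[mysqld]
bind-address = 0.0.0.0   # every IPv4 interface
skip-log-bin
"""

def parse_mysqld(text):
    """Return [mysqld] options as a dict; '-' and '_' are interchangeable in names."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":          # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("-", "_")] = value.strip().strip("'\"")
    return opts

def enabled(opts, key):
    # A bare option name or an explicit 1/ON/TRUE counts as enabled.
    return key in opts and opts[key].lower() in ("", "1", "on", "true")

def is_public(addr):
    """True for wildcard binds and globally routable IP addresses."""
    try:
        return addr in ("*", "0.0.0.0", "::") or ipaddress.ip_address(addr).is_global
    except ValueError:                            # host name: not resolved offline
        return False

def audit(text):
    """Return finding codes for the exposure-related settings the article lists."""
    o, findings = parse_mysqld(text), []
    tcp = not enabled(o, "skip_networking")
    # Assumption: with no bind_address set, the server default is "*" (all interfaces).
    binds = [a.strip() for a in o.get("bind_address", "*").split(",")]
    if tcp and any(is_public(a) for a in binds):
        findings.append("public-bind")
        if o.get("port", "3306") == "3306":
            findings.append("default-port")
    if tcp and not enabled(o, "require_secure_transport"):
        findings.append("tls-not-required")
    if enabled(o, "skip_log_bin") or enabled(o, "disable_log_bin"):
        findings.append("binlog-disabled")
    return findings

print(audit(SAMPLE))
```

A clean result only reflects the option file; a host firewall or cloud security group still decides whether port 3306 is reachable from the Internet.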

An IBM report published in May 2021 claimed that 19% of data breaches occur because IT teams failed to properly protect assets found in their cloud infrastructure.

This time last year, the company surveyed 524 organizations that suffered a data breach between August 2019 and April 2020, and also found that the average cost of a data breach had increased by half a million dollars during this period.

Via: BleepingComputer

