Misconfigured and Unsecured Servers Expose Sales, Instagram Records

Any security leader should know that the first step to protecting a network is securing its servers. In most cases, cybercriminals must work hard to gain access to databases holding millions of credentials or personally identifiable information (PII). To obtain this data, they generally have to deploy malware or phishing attacks, socially engineer their targets, identify where the data is stored, and then find a way to exfiltrate it from the network undetected. By securing the server, security teams force attackers to be strategic and creative in their attempts to steal data.

But when server security controls are not up to snuff, the data is freely available to anyone who looks for it. While these databases usually do not contain data like passwords or credit card numbers, they do contain enough information to support social engineering, profiling of a target, or other types of attacks. Such is the case in a recent example IntSights researchers have identified.

For Sale: Sales, Revenue, and Instagram Data

A known seller of databases who operates in several criminal forums is now offering a database containing over 49 million records, including names, emails, phone numbers and addresses, the usual suspects. However, the database also contains information about sales, revenue, and employees. The database belongs to LimeLeads, a B2B marketing company, and is being auctioned for a starting price of 1 Bitcoin (BTC), with bids accepted in 0.1 BTC increments and a "buy now" option of 3 BTC.

The seller is known to be pricey but has a strong reputation within the community. Another notable recent offering from the same seller is a 19 million-record Instagram database.

As the seller points out, both databases appear to be the result of a misconfigured, externally facing server. These types of leaks once again highlight the complex role of enterprise security teams. While they work to keep external threats out of the network, monitor for insider threats, and keep the business' infrastructure available, it takes only one unpatched or misconfigured server to expose millions of records. Simple queries in internet-wide scanning search engines such as Censys show how easy it is to find anything from servers using out-of-date encryption to ones running software and operating systems with well-documented vulnerabilities.

A successful cyber threat intelligence strategy must answer three basic questions borrowed from the military world, where they are referred to as the CCIR, the Commander's Critical Information Requirements: "What do I know about the enemy?", "What does the enemy know about me?", and "What do I know about myself?" Too often, security teams overlook the last question.
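The check behind that last question, for the kind of exposure described above, as an added example that is not from the original post or from IntSights: a small Python probe that asks an externally reachable HTTP endpoint for its root document with no credentials and classifies the answer. An HTTP 200 with a JSON banner is exactly what a Censys-style scan shows an attacker; a 401 or 403 means something is enforcing authentication. The post does not name the database product behind the leak, so the stand-in servers are constructed for this example, with a banner shaped like an Elasticsearch root response (an assumption), and the hosts and ports are local so it runs offline.

```python
"""Unauthenticated-exposure probe for HTTP-fronted data stores (added example).

Ask an externally reachable host for its root document with no credentials and
classify the answer. An HTTP 200 with a JSON banner means anyone on the internet
sees the same thing; a 401/403 means something is enforcing authentication.
The stand-in servers at the bottom are constructed so the example runs offline.
"""
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen


def probe_http_datastore(host: str, port: int, timeout: float = 3.0) -> dict:
    """Return {"status": ..., "detail": ..., "banner": ...} for host:port.

    status is one of "exposed", "protected", "unreachable" or "unknown".
    Only plain HTTP is probed; a TLS-fronted store would need an https URL.
    """
    req = Request(f"http://{host}:{port}/", headers={"User-Agent": "exposure-check/1.0"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536)
            try:
                banner = json.loads(body)  # product/version banners are gold for attackers
            except ValueError:
                banner = None
            return {"status": "exposed", "detail": resp.status, "banner": banner}
    except HTTPError as e:
        status = "protected" if e.code in (401, 403) else "unknown"
        return {"status": status, "detail": e.code, "banner": None}
    except (URLError, OSError) as e:
        return {"status": "unreachable", "detail": str(e), "banner": None}


class _OpenStore(BaseHTTPRequestHandler):
    """Constructed stand-in for a data store deployed with no authentication.

    The banner is shaped like an Elasticsearch root response (an assumption;
    the post does not name the product behind the leak).
    """
    BANNER = {"name": "node-1", "cluster_name": "leads-prod", "version": {"number": "6.8.0"}}

    def do_GET(self):
        body = json.dumps(self.BANNER).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class _ProtectedStore(_OpenStore):
    """The same store after authentication was put in front of it."""

    def do_GET(self):
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="store"')
        self.send_header("Content-Length", "0")
        self.end_headers()


def _serve(handler) -> HTTPServer:
    """Start a handler on 127.0.0.1 on an ephemeral port in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _closed_port() -> int:
    """Reserve and release a local port so nothing is listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Probe the two constructed servers plus a closed port; return the classifications."""
    results = {}
    for label, handler in (("open", _OpenStore), ("protected", _ProtectedStore)):
        srv = _serve(handler)
        try:
            results[label] = probe_http_datastore("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    results["closed"] = probe_http_datastore("127.0.0.1", _closed_port())
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(f"{label:9s} {r['status']:11s} {r['detail']}  {r['banner']}")
```

Pointed at an inventory of your own externally reachable hosts rather than the local stand-ins, the same function answers "what do I know about myself" before a seller does: any result of "exposed" with a banner is a finding. It probes plain HTTP only; a TLS endpoint needs an https URL and certificate handling, and a store on a non-HTTP protocol needs a protocol-specific handshake.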

To learn how to proactively identify and take down threats at the source before they become full-blown attacks, read our ebook, Dark Web 201: How to Leverage External Threat Hunting to Prevent Cyberattacks.
