Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823=Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration, and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Individual Impact: There has not yet been confirmed that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
Source: Info Security Magazine