Webmaster forum database exposed data of 800,000 users

Emmanuel

Administrator
Staff member
May 11, 2020
141
28
84
A database belonging to the Digital Point webmaster forum leaked the records of over 800,000 users.

San Diego, California-based Digital Point describes itself as the "largest webmaster community in the world," bringing together freelancers, marketers, coders, and other creative professionals.

On July 1, the WebsitePlanet research team and cybersecurity researcher Jeremiah Fowler uncovered an unsecured Elasticsearch database containing over
Please, Log in or Register to view URLs content!
. In total, data belonging to 863,412 Digital Point users was included in the leak.


According to the team, names, email addresses, and internal user ID numbers were made publicly available.

In addition, internal records and user post details were stored in the open database. While examining the database to find out who the owner was, the researchers stumbled across sets of data relating to forum members who flagged posts and the reasons behind these reports -- including allegations of "bad business dealings," spam, and other reasons, some described as appearing to be "petty and personal."

screenshot-2020-09-06-at-10-22-17.png



Aside from the usual security ramifications of user data theft and phishing, the database could have become one of many to
Please, Log in or Register to view URLs content!
, an automated script that was responsible for the compromise of thousands of unsecured MongoDB and Elasticsearch databases in July. Once the script has been deployed, it overrides data with numbers and the word "meow."


"One of the dangers of a non-password protected database is that it is a sitting target waiting to be stolen, encrypted, or deleted," the team says.

Fowler sent a responsible disclosure notice to Digital Point on July 1, the same day the leak was discovered, by way of a suitable email address found within the database. The alert was taken seriously and access to the database was revoked within hours.

However, the forum did not communicate with the researchers or respond to follow-up requests.