A database belonging to the Digital Point webmaster forum leaked the records of over 800,000 users.
San Diego, California-based Digital Point describes itself as the "largest webmaster community in the world," bringing together freelancers, marketers, coders, and other creative professionals.
On July 1, the WebsitePlanet research team and cybersecurity researcher Jeremiah Fowler uncovered an unsecured Elasticsearch database containing over 62 million records. In total, data belonging to 863,412 Digital Point users was included in the leak.
According to the team, names, email addresses, and internal user ID numbers were made publicly available.
In addition, internal records and user post details were stored in the open database. While examining the database to find out who the owner was, the researchers stumbled across sets of data relating to forum members who flagged posts and the reasons behind these reports -- including allegations of "bad business dealings," spam, and other reasons, some described as appearing to be "petty and personal."
Aside from the usual security ramifications of user data theft and phishing, the database could have become one of many to succumb to Meow Bot, an automated script that was responsible for the compromise of thousands of unsecured MongoDB and Elasticsearch databases in July. Once the script has been deployed, it overrides data with numbers and the word "meow."
"One of the dangers of a non-password protected database is that it is a sitting target waiting to be stolen, encrypted, or deleted," the team says.
Fowler sent a responsible disclosure notice to Digital Point on July 1, the same day the leak was discovered, by way of a suitable email address found within the database. The alert was taken seriously and access to the database was revoked within hours.
However, the forum did not communicate with the researchers or respond to follow-up requests.
ZDNet has reached out to Digital Point and will update when we hear back.
Previous and related coverage
- Tech unicorn Dave admits to security breach impacting 7.5 million users
- CouchSurfing investigates data breach after 17m user records appear on hacking forum
- Today's 'mega' data breaches now cost companies $392 million to recover from
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0