External Threat Management

Shodan Exposes Customer Database on Website

As a pastime, IT helpdesk professional Chris Vickery likes to poke around Shodan, the infamous search engine site for IoT devices. “There are a lot of interesting, educating and intriguing things that you can find on Shodan,” Vickery said. “But there’s a lot of stuff that should definitely not be out there, and when I come across those I try to notify the owner of the affected database.”

By running a search on Shodan for instances of database servers listening for incoming connections on port 27101 (a port used by the popular database management system MongoDB), Vickery stumbled upon a database server housing over 13M customer records belonging to Kromtech, the company that makes MacKeeper. Not being a hacker himself, Vickery responsibly disclosed the exposure to the company.

Hackers use tools like Shodan, nmap, Fierce [0], etc., to search for easy targets, like servers with open ports that may store information that can be sold on the black market or used in an attack campaign.

An exposed development server led to one of the most significant breaches in US history, when an Iranian APT group broke into the Las Vegas Sands and took down their IT systems.

Are you immune to this problem? Digital footprint security exists to allow security professionals to see and secure a wide range of Internet-facing assets. Even if you have strong controls in place in your datacenter to prevent mishaps like this one, you may still be vulnerable on infrastructure created via Shadow IT or acquired via merger and acquisition.

In the vast majority of evaluations we conduct using our Digital Footprint technology, we find undocumented, Internet-connected assets of which security teams were previously unaware. It is a ubiquitous issue.

Security teams come to RiskIQ to help them prevent attacks that exploit vulnerable, lookalike, or orphaned digital assets, including web, social, and mobile channels, that exist outside their security perimeter. As a great example, DocuSign uses RiskIQ to address security risks associated with mergers and acquisitions, as well as other digital footprint security threats.
