Hacktivist Protests Poor Security Practices

Kelly Strain


GhostShell leaked an estimated 36 million account details from 110 poorly configured MongoDB servers. This hack, dubbed Project Vori Dazel, marks one of the largest breaches this year.

“I am leaking more than 36 million accounts/records of internal data from [networks] to raise awareness about what happens when you decide not to even add a username and password as root or check for open ports, let alone encrypt the data.” GhostShell via Pastebin

The leaked data includes:

  • Full names
  • Usernames
  • Date of birth
  • Email address
  • Phone number
  • Gender
  • Payment gateway information
  • Job titles
  • Wedding dates
  • Social content – Facebook/Twitter IDs, profile pictures and tokens
  • Confidential email content
  • Metadata – device information, geo-location data, user agents and more

GhostShell explains that most system administrators “don’t bother checking for open ports on their newly configured servers, which can lead to anyone infiltrating the network and managing their internal data without any interference.”

This stunt should clarify the importance of proper security (if the LinkedIn hack did not serve as warning enough).

We understand that security is complex and, for many software professionals, an incredibly intimidating task that is easy to ignore. In an effort to help, we’ve compiled everything our development team knows into a free, code-filled guide.

Security Best Practices 

Our 2016 Guide to User Data Security covers server and application security – more specifically configuration, server architecture, firewalling, two-factor authentication, intrusion detection, provisioning, etc. These are no longer optional features; these added security layers are requirements in our hostile cyber world.


Simply put, the guide covers a set of best practices and core guidelines that will help you secure your user data. It is by no means exhaustive, but if you implement each of the concepts outlined in the guide your user data will be highly secure.

Don’t be the next newsworthy hack.

Get started.