Researchers recently found millions of MySQL servers publicly exposed on the internet and using the default port.
The ShadowServer Foundation, a nonprofit security group, found that a total of 3.6 million servers are configured in such a way that they are easy targets for threat actors.
Of the 3.6 million total, 2.3 million were reachable over IPv4 and 1.3 million over IPv6. Both groups use the default TCP port 3306.
“While we do not examine possible levels of access or exposure to specific databases, this exposure is a potential attack surface that should be closed,” the nonprofit explained in the announcement.
Misconfigurations lead to data breaches
Most of the servers are located in the US (over 1.2 million), with a large number of servers also hosted in China, Germany, Singapore, the Netherlands and Poland.
Networked servers are the backbone of today’s businesses because they allow Web services and applications to run remotely. But server misconfiguration is one of the most common mistakes that lead to data loss, because many ransomware attacks and remote access Trojan (RAT) deployments start with a misconfigured database.
In its report, BleepingComputer cautioned that researchers have been very clear about the need to properly secure databases, including strict user policies, changing and monitoring ports, enabling binary logging, keeping an eye on queries, and encrypting all data.
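A configuration check along these lines, as an added example that is not code from ShadowServer or BleepingComputer: it reads the `[mysqld]` section of a `my.cnf` file and reports a listener bound to every interface, disabled or unset binary logging, and unencrypted connections being allowed. The function name `audit_mysqld` and both sample configurations are constructed for illustration; an unset `bind-address` is treated as "all interfaces", which is MySQL's built-in default.

```python
import configparser

WILDCARD_BINDS = {"*", "0.0.0.0", "::"}  # values that mean "every interface"

def audit_mysqld(cnf_text):
    """Return hardening findings for the [mysqld] section of my.cnf text."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None, delimiters=("=",))
    # MySQL treats '-' and '_' in option names as interchangeable.
    parser.optionxform = lambda key: key.lower().replace("-", "_")
    # Drop !include / !includedir directives, which configparser cannot parse.
    kept = [ln for ln in cnf_text.splitlines() if not ln.lstrip().startswith("!")]
    parser.read_string("\n".join(kept))
    opts = dict(parser["mysqld"]) if parser.has_section("mysqld") else {}

    findings = []
    if "skip_networking" not in opts:  # TCP listener is active
        bind = (opts.get("bind_address") or "*").strip()  # unset means all interfaces
        port = (opts.get("port") or "3306").strip()
        if any(addr.strip() in WILDCARD_BINDS for addr in bind.split(",")):
            findings.append(f"listens on all interfaces ({bind}), TCP port {port}")
    if "skip_log_bin" in opts or "disable_log_bin" in opts:
        findings.append("binary logging is explicitly disabled")
    elif "log_bin" not in opts:
        findings.append("log_bin not set; default differs between MySQL versions")
    if (opts.get("require_secure_transport") or "").strip().upper() not in {"ON", "1"}:
        findings.append("require_secure_transport is not ON; unencrypted connections allowed")
    return findings

# Constructed sample configurations, not taken from any real server.
EXPOSED = """
[mysqld]
bind-address = 0.0.0.0
skip-log-bin
"""
HARDENED = """
[mysqld]
bind-address = 127.0.0.1
port = 3306
log_bin = mysql-bin
require_secure_transport = ON
"""

if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_mysqld(text) or "no findings")
```

A clean result here only covers the server's own configuration; host firewalls and cloud security groups decide separately whether port 3306 is reachable from the internet.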
An IBM report released in May 2021 said 19 percent of data breaches were due to IT teams failing to properly secure assets found in their cloud infrastructure.
This time last year, the company surveyed 524 organizations that suffered data breaches between August 2019 and April 2020, and also found that the average cost of a data breach increased by $500,000 during that period.