Contents:
Over 100k user entries and administrative credentials were leaked from a cricket community social network. Cybernews researchers discovered that cricketsocial[.]com left an open database containing emails, phone numbers, names, hashed user passwords, dates of birth, and addresses.
Most of the entries appear to be test data, but the team’s study suggests that some are personally identifiable information (PII) from actual site users.
Even if all the information stored was test data, leaving data in plaintext is a poignant indication of bad security practices being employed. That creates unnecessary risks for unsound practices creeping into the production environment if left unchecked.
Cricketsocial.com is owned by an LLC situated in the United States. Apart from the Cricket League of New Jersey, the majority of the organizations mentioned on cricketsocial.com are located in India, according to the platform’s partner list on the website. Amazon Web Services (AWS) in the United States hosted the exposed database.
Reminder to Never Store Passwords in Plaintext
The accessible database also disclosed data that could be harmful to the website. The database, for example, appeared to contain plaintext passwords for a website administrator account. If the credentials were valid, threat actors might easily exploit this information to take control of the site.
The practice of storing passwords in plaintext is highly risky. There are still risks of exposure, even if databases are not accessible to the general public. When hackers breach a company’s database, they will have immediate access to any passwords stored in plain text.
The open instance stores not only the administrator’s credentials and users’ personal information, but also all of the website’s content. Content such as posts, comments, like counts, and image links are all saved in a single AWS storage bucket.
Despite the fact that some information from the bigger database was most likely used for testing purposes, security risks remain. According to the Cybernews research team, because much of the information in the disclosed database was kept in plaintext format, the security implications are high, as this data can be sold or used for identity theft or spam.
Leaving data in plaintext creates unnecessary risks for unsound practices creeping into the production environment if left unchecked. Once that is done, information can be sold for substantial amounts of money. Threat actors could later use this information for identity theft or spam.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
