10,000 databases with more than 10 billion credentials exposed

John E. Kaye
- Published
- News, Technology

Recently, researchers have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers.
The databases were found across 20 different countries, with China being at the top of the list — the country had nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.
The United States comes second, with nearly 3,000 unsecured databases and almost 2.3 billion entries made available online.
India was third, with 520 unsecured databases and 4,878,723 entries.
Sensitive vs testing data
While some of this data might be useless and only used for testing, much of it could be damaging if exposed. Some of the largest data leaks of last year resulted from exposed databases. For example, millions of Facebook records were exposed on a public Amazon server. In another incident, an unsecured database exposed information of 80 million US households. The data included victims’ addresses, income, and marital status. A rehabilitation clinic in the US also suffered from a data leak, over which nearly 150,000 patients had their personal information exposed. The most worrying part is that this data was not leaked by a persevering hacker — it was simply sitting there in a public database. .
Low-skilled job
While the idea of searching for exposed databases may seem complex, the process itself is quite straightforward. Search engines like Censys or Shodan scan the web constantly and let anyone view open databases in just a few clicks. If the database managers used the default logins, getting into one would be a piece of cake.
“In fact, with proper equipment, you could easily scan the whole internet on your own in just 40 minutes,” says Chad Hammond, security expert at NordPass.
The essentials of database security
Data security and protection should be a top priority. “Every company, entity, or developer should make sure they never leave any database exposed, as this is obviously a huge threat to user data,” says Chad Hammond.
When asked to highlight the main points of database security, the expert emphasised:
“Proper protection should include data encryption at rest, wire (in motion) data encryption, identity management, and vulnerability management.
Data can be exposed to risks both in transit and at rest and therefore requires protection in both states. While there are several different approaches, encryption plays a major role in data protection and is a popular tool for securing data both in transit and at rest.
Nevertheless, all data should be encrypted using trusted and robust algorithms instead of custom or random methods. It’s also important to select appropriate key lengths to protect your system from attacks.
Identity management is another important step and should be used to ensure that only the relevant people in an enterprise have access to technological resources.
Finally, every company should have a local security team responsible for vulnerability management and able to detect any vulnerabilities early on,” says Chad Hammond.
As for the users, the security expert yet again draws attention to the importance of a strong password. “The fact that we have more than 10 billion passwords up for grabs should only encourage people to think of strong, lengthy passwords. If your password is “12345”, no firewall in the world will protect your data. Your password shouldn’t be a dictionary word either — an average person uses only about 20,000-30,000 words, so chances are that all of them are already among those 10 billion,” says the NordPass security expert.
Methodology: NordPass partnered up with a white hat hacker, who scanned elastic search and mongoDB libraries, looking for exposed, unprotected databases. Once found, he logged into those public databases and checked what kind of data could be found there. The white hat hacker has shared with NordPass how many exposed databases and entries he had found. The hacker requested to stay anonymous. Time frame: June 2019 to June 2020.
For more information visit: nordpass.com
For more Technology and Daily news follow The European Magazine
Sign up to The European Newsletter
RECENT ARTICLES
-
UK backs satellite-AI projects to tackle climate and transport challenges
-
Investors with €39bn AUM gather in Bologna to back Italy’s next tech leaders
-
Miliband: 'Great British Energy will be self-financing by 2030'
-
First dedicated civils trade show in UK for 20 years announced for ExCeL London
-
Axians and Nokia expand partnership to strengthen communications infrastructure across EMEA
-
Google commits £5bn to UK in major AI and research expansion
-
XTI Aerospace launches Founders Club for TriFan 600 backers
-
New ranking measures how Europe’s biggest retailers report on sustainability
-
CEOs who endured childhood disasters show greater appetite for risky debt, study finds
-
Galorath appoints Julia Gerth to lead EMEA and APAC sales in global expansion push
-
UK to restart trade talks with China after seven-year pause
-
AM Best affirms Active Re’s ‘A’ rating for third year running
-
UK contract recruitment rises despite slowdown in permanent hiring
-
Forterro buys Spain’s Inology to expand southern Europe footprint
-
Singapore student start-up wins $1m Hult Prize for education platform
-
Nigeria’s startup scene takes global stage as Lagos hosts inaugural GITEX NIGERIA
-
City and Gulf investors track golf’s newest global venture
-
UK businesses increase AI investment despite economic uncertainty, Barclays index finds
-
French CEOs warn politics and geopolitics now threaten bottom lines, ESSEC study finds
-
Study links female-dominated classrooms to higher lifetime earnings for women
-
Inside London’s £1bn super-hotel with £20k penthouses, private butlers and a gilded eagle
-
Kia America hits record monthly sales as EV demand surges
-
Trump family’s crypto debut adds $5bn to fortune amid ethics row
-
Warren Buffett turns 95 – the secrets behind a $130 billion fortune
-
Most game developers now using AI in their workflows, Google Cloud study finds