"Cloud Database Exposes 800M+ WordPress Users' Records"
According to Website Planet, a misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified. The trove was left online with no password protection by US hosting provider DreamHost. The data in the database appeared to date back to 2018. In the 86GB database, there was purportedly admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information. Some of the leaked information was linked to users with .gov and .edu email addresses, the researchers stated. The database was secured within hours of DreamHost receiving a responsible disclosure notice from the researchers. The researchers noted that it was unclear how long the database had been exposed, potentially putting users at risk of phishing. Threat actors scanning for exposed databases like this have in the past also stolen and ransomed the information contained within.
Infosecurity reports: "Cloud Database Exposes 800M+ WordPress Users' Records"