"DepositFiles Exposed Config File, Jeopardizing User Security"

DepositFiles is a service that claims to be the ideal location to store and share files. However, researchers discovered DepositFiles' publicly hosted environment configuration (config) file, a critical record of how to run software. The file exposed payment service credentials, Abuse and Support email credentials, and more. Due to this exposure, the service's clients are at risk of having their Personal Identifiable Information (PII), files, and passwords stolen. Researchers noted that attackers could also target the company with malware, ransomware, and unauthorized access to business payment systems. They believe that the environment configuration file was exposed beginning in February 2023 based on the indexing of another sensitive file. This article continues to discuss DepositFiles' environment configuration file being left accessible and the potential impact of this exposure.  

Security Affairs reports "DepositFiles Exposed Config File, Jeopardizing User Security"