Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Databases

One Petabyte of Data Exposed Via Insecure Big Data Systems 50

chicksdaddy writes: Behind every big data deployment is a range of supporting technologies like databases and memory caching systems that are used to store and analyze massive data sets at lightning speeds. A new report from security research firm Binaryedge suggests that many of the organizations using these powerful data storage and analysis tools are not taking adequate steps to secure them. The result is that more than a petabyte of stored data is accessible to anyone online with the knowledge of where and how to look for it.

In a blog post on Thursday, the firm reported the results of research that found close to 200,000 such systems that were publicly addressable. Binaryedge said it found 39,000 MongoDB servers that were publicly addressable and that "didn't have any type of authentication." In all, the exposed MongoDB systems contained more than 600 terabytes of data stored in databases with names like "local," "admin," and "db." Other platforms that were found to be publicly addressable and unsecured included the open source Redis key-value cache and store technology (35,000 publicly addressable instances holding 13TB of data) and 9,000 instances of ElasticSearch, a commonly used search engine based on Lucene, that exposed another 531 terabytes of data.
This discussion has been archived. No new comments can be posted.

One Petabyte of Data Exposed Via Insecure Big Data Systems

Comments Filter:
  • by invictusvoyd ( 3546069 ) on Saturday August 15, 2015 @06:20PM (#50323965)
    They stole the data which I had stolen from the guys who stole it . Damn thieves !!
  • by JustAnotherOldGuy ( 4145623 ) on Saturday August 15, 2015 @07:44PM (#50324297)

    There's no need to secure mongoDB because it's webscale. That means it's invulnerable to hackers and bad programming.

    • by Anonymous Coward

      There's no need to secure mongoDB because it's webscale. That means it's invulnerable to hackers and bad programming.

      Was funny years ago.

      https://www.youtube.com/watch?v=b2F-DItXtZs

      • by KGIII ( 973947 )

        At this point in time I would like to submit, for evidence, the GPs user name and indicate that, as such, they are likely to be "old."

        So, of course, it stands to reason that their joke would have been funny years ago.

  • Status of memcached is quite infortunate. We need it to share sessions across hosts, which is a requirement for load balancing, but it has no authentication feature

    I read that latest versions support SASL, though.

  • by Anonymous Coward

    So, how many of these databases contain Clinton's e-mail stash?

  • It's OK... it puts most of the bad guys over their data caps when they attempt to download it all.

  • Even one focuses on ID theft. But how about some one intentionally corrupting data such as the 'deleted_beacuse_you_didn't_password_protect_your_mongodb' entry.

    By corrupting data you can create a 'Tuttle vs Buttle' event if those data are use for intelligence dragnets or throw a nice monkey wrench into someones high speed trading algorithm. Remember, your results are only as good as your data allow them to be.

  • its amazing they are havin an drought.
  • more than a petabyte of stored data is accessible to anyone online with the knowledge of where and how to look for it.

    (Readable sites and login-credentials) picts or it didn't happen.

    On an on-topic item: I, too, worked for a company where the SOP was to run a NAS with over 12PB of storage and the default credentials were used "for support reasons." For the rounding-off-error area of 40TB I controlled I was finally able to extract a concession and change a single character of the password: an "o" to a "0".

    At least it wasn't accessible on the internet. And that change kept anyone internally from logging into my sectio

  • Insert "MongoDB only pawn in game of life" reference here.

Computer programs expand so as to fill the core available.

Working...