In total, 308,000 unsecured databases were found exposing sensitive assets worldwide of which around 90,000 databases have already been identified in the first quarter of 2022, a dramatically higher number than last year.
In July 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. Now, the IT security researchers at Group-IB have revealed startling figures about the surge in exposed databases.
Cybersecurity firm Group-IB’s Attack Surface Management team confirmed identifying 308,000 exposed databases in 2021, and over 165,000 of them were identified in the second half of the year.
The Singapore-based firm’s researchers continually scan the IPv4 ecosystem to detect external-facing assets hosting vulnerable or exposed databases, phishing panels, malware, and JS-sniffers. The researchers found 399,200 exposed databases between Q1’21 and Q1’22 and 308,000 in 2021, marking a 16% increase from the second half of 2021.
The severity of misconfigured and exposed databases can be quantified by the fact that earlier this year, Anonymous and its affiliate group of hackers compromised around 90% of Russian cloud databases that were exposed to the public without any security authentication or password.