Millions of MySQL servers found exposed online - is yours among them?

A person holding a virtual cloud in the palm of their hand.
(Image credit: Shutterstock)

Millions of MySQL servers were recently discovered to be publicly exposed to the internet, and using the default port, researchers have found. 

Nonprofit security organization, The ShadowServer Foundation, discovered a total of 3.6 million servers are configured in such a way that they can easily be targeted by threat actors.

Out of the total 3.6 million, 2.3 million are connected over IPv4, while 1.3 million over IPv6. They’re all using the default TCP port 3306.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

"While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed," the non-profit explained in an announcement.

Misconfigurations lead to data compromise

Most of the servers are found in the United States (more than 1.2 million), with China, Germany, Singapore, the Netherlands, and Poland, also hosting significant numbers of servers. 

Internet-connected servers are a major pillar in today’s enterprise, as it allows web services and applications to operate remotely. But misconfigured servers are one of the most frequent errors that lead to data loss, as many ransomware attacks, and remote access trojan (RAT) deployments, have started with a misconfigured database.

Researchers have been very vocal about the need to properly secure databases, which includes strict user policies, changing and monitoring ports, enabling binary logging, keeping a close eye on queries, and encrypting all of the data, BleepingComputer reminds in its report.

A report from IBM published in May 2021 claimed that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure. 

This time last year, the company polled 524 organizations that suffered a data breach between August 2019 and April 2020, and also found that the average cost of a data breach increased by half a million dollars during that time.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Thousands of misconfigured building access systems have been leaked online
Data leak
Popular online bill paying site leaks data of thousands of users
Data leak
Top healthcare company exposes data on millions of patients - find out if you're affected
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'