Millions of MySQL servers (opens in new tab) were recently discovered to be publicly exposed to the internet, and using the default port, researchers have found.
Nonprofit security organization, The ShadowServer Foundation, discovered a total of 3.6 million servers are configured in such a way that they can easily be targeted by threat actors.
Out of the total 3.6 million, 2.3 million are connected over IPv4, while 1.3 million over IPv6. They’re all using the default TCP port 3306.
“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed,” the non-profit explained in an announcement.
Misconfigurations lead to data compromise
Most of the servers are found in the United States (more than 1.2 million), with China, Germany, Singapore, the Netherlands, and Poland, also hosting significant numbers of servers.
Internet-connected servers are a major pillar in today’s enterprise, as it allows web services and applications to operate remotely. But misconfigured servers are one of the most frequent errors that lead to data loss (opens in new tab), as many ransomware attacks, and remote access trojan (RAT) deployments, have started with a misconfigured database.
Researchers have been very vocal about the need to properly secure databases, which includes strict user policies, changing and monitoring ports, enabling binary logging, keeping a close eye on queries, and encrypting all of the data, BleepingComputer reminds in its report.
A report from IBM published in May 2021 claimed that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure.
This time last year, the company polled 524 organizations that suffered a data breach between August 2019 and April 2020, and also found that the average cost of a data breach increased by half a million dollars during that time.
