Skip to main content

Ongoing Meow attack has nuked >1,000 databases without telling anyone why

posted onJuly 23, 2020
by l33tdawg
Arstechnica
Credit: Arstechnica

More than 1,000 unsecured databases so far have been permanently deleted in an ongoing attack that leaves the word “meow” as its only calling card, according to Internet searches over the past day.

The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information, including:

  •     Account passwords in plain text
  •     VPN session secrets and tokens
  •     IP addresses of both user devices and the VPN servers they connected to
  •     Connection timestamps
  •     Geo-tags
  •     Device and OS characteristics
  •     Apparent domains from which advertisements are injected into free users’ Web browsers

Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO’s promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th