{"id":1780,"date":"2023-09-27T19:43:34","date_gmt":"2023-09-27T19:43:34","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77327"},"modified":"2023-09-27T19:43:34","modified_gmt":"2023-09-27T19:43:34","slug":"millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/09\/27\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say\/","title":{"rendered":"Millions of files with potentially sensitive information exposed online, researchers say"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Millions of files with potentially sensitive information exposed online, researchers say | CyberScoop<\/title> <meta name=\"description\" content=\"A survey by Censys found 314,000 distinct internet-connected devices and web servers with open directory listings.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/open-directories-exposed-files\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Millions of files with potentially sensitive information exposed online, researchers say\"> <meta property=\"og:description\" content=\"A survey by Censys found 314,000 distinct internet-connected devices and web servers with open directory listings.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/open-directories-exposed-files\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-09-27T19:43:34+00:00\"> <meta name=\"author\" content=\"AJ 
Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1695397585g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1695745539g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1695741454g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77327\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77327\">\n<link 
rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopen-directories-exposed-files%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fopen-directories-exposed-files%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77327 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/open-directories-exposed-files\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 
20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.085820895522\">\n<div class=\"single-article__header-content\" readability=\"31.373983739837\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> A survey by Censys found 314,000 distinct internet-connected devices and web servers with open directory listings. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=1024,683 1024w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (alengo\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"42.979591836735\"><body readability=\"86.408043032787\"><\/p>\n<p>Thousands of computers and other internet-connected devices are exposing millions of files with potentially sensitive data across the internet, either inadvertently or on purpose, leaving the data discoverable and potentially exploitable in any number of ways, <a href=\"https:\/\/censys.com\/dorking-the-internet-unlocking-secrets-in-open-directories\/\">an analysis published Wednesday<\/a> found.<\/p>\n<p>Researchers with <a href=\"https:\/\/censys.com\/\">Censys<\/a>, a service that indexes devices connected to the internet and the services they\u2019re running, recently indexed nearly 314,000 distinct internet-connected devices and 
web servers with open directory listings and at least one file. The scanner then took note of file names, paths, file sizes and last-modification timestamps, creating what the company calls \u201cone of the most comprehensive databases of all open directories on the internet.\u201d<\/p>\n<p>The analysis found hundreds of devices containing database backups, for instance, as well as devices \u201cserving millions of files with common spreadsheet file extensions.\u201d An examination of the spreadsheet filenames shows more than 9,000 with an indication of being related to financial data and thousands of other files that could contain authentication and credential data, network packet capture files, and more.<\/p>\n<p>The Censys researchers noted that they did not view the contents of the files, and did just enough to attempt to expose the current state of the problem.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFrom our perspective, this data indicates that there is a potential goldmine of database-related information exposed on the internet that could be used by malicious parties to exploit weaknesses, compromise sensitive information, and launch targeted attacks,\u201d the researchers said. <\/p>\n<p>Files being exposed online in this manner is an established and well-documented phenomenon, the researchers noted. An analysis of the last-modified timestamps shows \u201cthat most of the data was created or modified in 2023, illustrating that this old problem is still going strong even as organizations become more security-conscious.\u201d<\/p>\n<p>The exposed files are available via open directory listings, which are folders on web servers that list and link to all files on a given system. 
The directories are typically not openly accessible, but <a href=\"https:\/\/www.maketecheasier.com\/what-are-open-directories\/\">sometimes they end up open<\/a> anyway, whether on purpose for administrative or performance reasons or inadvertently due to configuration errors. The practice of finding open directories is a hobby for some, but data gleaned from the exposures could lead to serious damage or more serious cyberattacks.<\/p>\n<p>\u201cFor defenders, open-directories can inadvertently expose sensitive information like development artifacts, backups and other sensitive information,\u201d said Silas Cutler, a security researcher with Stairwell and a member of the Ransomware Task Force. <\/p>\n<p>Data exposures via misconfigurations can have major consequences. Health insurance data associated with roughly 56,000 Washington, D.C. residents \u2014&nbsp;including <a href=\"https:\/\/cyberscoop.com\/dc-health-exchange-breach-congress-defense-official\/\">prominent officials and members of Congress<\/a>, and their families \u2014&nbsp;was downloaded and posted on a cybercriminal forum in March. The attackers in that case <a href=\"https:\/\/cyberscoop.com\/dc-health-link-breach-russia-hacker-congress\/\">told CyberScoop<\/a> the data was essentially sitting in the open, and <a href=\"https:\/\/statescoop.com\/mandiant-report-dc-health-link-breach-cloud-server\/\">a subsequent analysis<\/a> confirmed a misconfiguration was to blame.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Open directories also aid researchers and others trying to fight crime and state-aligned hacking threats. 
In March, an anonymous security researcher found sensitive personal data for more than 550,000 users of a website for the buying and selling of guns after the hackers in that case left the data on an open server, <a href=\"https:\/\/techcrunch.com\/2023\/03\/02\/hackers-steal-gun-owners-data-from-firearm-auction-website\/?guccounter=1&amp;guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&amp;guce_referrer_sig=AQAAAE4ls_dKEI6bdZhLZYxN3QSo95w9ZPlZKubegGW-jfDcw1KDfmCrJR89sJOb-EQVdxgVjQmmkyVSCdVy-ssdxgbi6pOr7FpsbEcYYQap9hn43hhyFZK4VYUhTMS9dmKclVHFjV5ODkk6tm53ver6Vb0ca5lMlOuy0KNirjiYKTJk\">according to TechCrunch<\/a>.<\/p>\n<p>\u201cIn a Forrest Gump way, open web directories are like a box of chocolates, sometimes it\u2019s a repository of Linux images, sometimes it\u2019s a nation state threat actor that made a mistake,\u201d Cutler said, pointing to <a href=\"https:\/\/stairwell.com\/resources\/akira-pulling-on-the-chains-of-ransomware\/\">a report he published last month<\/a> at Stairwell detailing data found this way from an exposed server being used to deploy the Akira ransomware variant.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2796208530806\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/millions-of-files-with-potentially-sensitive-information-exposed-online-researchers-say-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/open-directories-exposed-files\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Millions of files with potentially sensitive information exposed online, researchers<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[999,282,1000,1001],"tags":[1002,286,1003,1004],"class_list":["post-1780","post","type-post","status-publish","format-standard","hentry","category-censys","category-cybercrime","category-data-leak","category-open-directories","tag-censys","tag-cybercrime","tag-data-leak","tag-open-directories"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/censys\/\" rel=\"category tag\">Censys<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-leak\/\" rel=\"category tag\">data leak<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-directories\/\" rel=\"category tag\">open directories<\/a>","tag_info":"open 
directories","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1780"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1780\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}