Who: Website builder Ucraft, an Armenia-based IT company, experienced a data leak affecting hundreds of thousands of users.
What: Ucraft's data, including unredacted domain registration information, user email addresses, hashed passwords (some using less secure MD5 hashing), old passwords, transaction data, partial credit card details, and database details, was exposed in a publicly accessible Google Cloud Storage Bucket. Malicious actors accessed and distributed the leaked data, posing various threats to Ucraft users, such as phishing, doxxing, spam, identity theft, credential stuffing, account takeovers, and potential exploitation of Ucraft's internal systems.
How: The Cybernews research team discovered the publicly accessible bucket during an investigation, containing database backups and logs from 2018. The data remained accessible for an extended period, with malicious actors accessing it. The database was posted on a hacker forum in March 2023, and it was still publicly accessible when Cybernews researchers found it on January 5th, 2024. After notifying Ucraft, access to the data was secured. The leaked information, especially unredacted domain registration details, poses a high risk of exploitation, making users susceptible to various cyber threats.
Read the full article HERE