MacKeeper Security Researcher Chris Vickery has reported on yet another misconfigured database. This one belongs to PG&E in California. Whether the database contains real data or not is something the Department of Homeland Security should investigate, as the company tells Chris the data are “fake,” and Chris does not believe them, partly because entities generally do not bother generating hundreds of thousands of fake log records.
Chris reports:
According to the U.S. Department of Homeland Security, electric utility companies are part of the nation’s “critical infrastructure.”
Last week I discovered a data breach involving Pacific Gas and Electric, a very large electric utility company in California. The publicly exposed database appeared to be PG&E’s asset management system. Among other things, it contained details for over 47,000 PG&E computers, virtual machines, servers, and other devices. All of it completely unprotected. No username or password required for viewing.
We’re talking about IP addresses, operating systems, hostnames, locations, MAC addresses, and more. This would be a treasure trove for any hostile nation-state hacking group. That’s not to mention the 120 hashed employee passwords, or the plaintext NTLM, SOAP, and mail passwords.
Read more on MacKeeper.