Catalin Cimpanu reports:
To add insult to injury, after users were infected by a malware strain that stole their passwords and personal data, the malware operators forgot to secure their backend servers, which leaked sensitive user information for hundreds of thousands of victims for more than a month.
For weeks, Bob Diachenko, Cyber Threat Intelligence Director at security firm Security Discovery, has been trying to convince a cloud provider to intervene and take down a malware group’s server that was leaking hundreds of thousands of stolen passwords and millions of authentication cookies.
The data was leaked via an Elasticsearch server left exposed online without a password.
Read more on The Record.