As an ever-increasing amount of sensitive information continues to be digitally stored online, researches are finding it easier and easier to access that data without using any advanced techniques of complicated hacking tools. Researchers at the MacKeeper Security Research Center exposed the most recent example of delicate information available to the public according to a thorough piece published on Motherboard. The team discovered a tremendous amount of information regarding Joan Jett and the Blackhearts band members was left almost entirely unprotected.
Joan Jett and her band became famous in the 1980s for classic rock songs she performed as Joan Jett & the Blackhearts, which was also preceded by her success with the Runaways including their hit song “Cherry Bomb”. The Blackhearts album “I Love Rock ‘n’ Roll” was No. 1 on the Billboard Hot 100 from March 20 to May 1, 1982, and their other popular hits included “Crimson and Clover”, “I Hate Myself for Loving You”, “Do You Wanna Touch Me”, “Light of Day”, “Love Is All Around” and “Bad Reputation.”
The recent hack revealed scanned photos of her and a band members’ passports, Ms. Jett’s social security number, invoices, banking information, credit card data, social media account login credentials, copies of scanned checks from royalty payments, previously unreleased song demos and more. “I just can’t believe they were so ignorant when dealing with cybersecurity,” Bob Diachenko, a researcher at MacKeeper, told Motherboard in an email.
The cybersecurity expert goes on to explain that he accessed the information with simple consumer level tools like the search engine Shodan. Diachenko explained that he and his colleagues looked for vulnerable ports in different databases and protocols including MongoDB or rsync. When they found a misconfigured backup server belonging to Blackheart Records that didn’t have any password protection or authentication protection in place whatsoever, with port 873 (typically used for the file synchronization protocol rsync) left open they poked around inside. To their amazement they found more than 200 gigabytes of sensitive data. Nobody knows how long that data has been vulnerable or how many other people have accessed it before the researches brought it to light.
The implications from reports like these should be obvious. Even the most secure data center and best team of data security experts working on your behalf at the hosting level is only as strong as the steps you take to restrict your information in properly passworded and authentication secured locations. There are millions of scripts and plenty of people scouring the Internet each day in search of sensitive information, and while National Net will always do our part to safeguard the data of every client whose hosting we fully manage, we also want to remind everyone that leaving ports open or using “admin / password” as your login credentials is not something your team should be doing anywhere online.