A massive database belonging to the Vietnam Post Corporation has been found "wandering" online with no credentials to protect it in case someone came snooping, which is precisely what happened.
Unprotected databases are common in the wild, so much so that researchers and criminals alike are always on the lookout for them. Such databases usually exist because of carelessness or convenience. One scenario is that database admins remove credentials to make it easier to connect online, then forget to put them back.
When the Cybernews team found the open database, it had more than 226 million logged events and measured 1.2 terabytes in size. From the looks of it, it was still being used and updated in real time. Besides various logs, it also held employee names and emails.
What makes this even worse is that the logs were generated by an XDR (extended detection and response) solution, so they provide insight into the organization's structure, schedule, employees, etc.
"XDR tools are essential for cyber security personnel to keep track of what is happening in the network, allowing them to detect threats and respond effectively. When such systems fall into the wrong hands, it can give an attacker visibility into the network and monitor the response to potential threats they might unleash on the nodes in the network," explained the Cybernews researchers.
"This leak is significant, as it could have been used to assist in an attack against a governmental organization, which is often considered critical infrastructure. It could have been used to collect information about its employees' activities," Cybernews researchers added.
To top it all off, researchers contacted the Vietnam Post Corporation and warned them of the issue, but the database remained visible online for at least 87 days. The organization eventually cut access to the database on Oct 6, but it had sat in the open since July 8.