27. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

On 16 April 2021, security researcher Jeremiah Fowler together with the Website Planet Research Team revealed a non-password secured database with less than one billion records. The leaked documents included WordPress account user names, display names, and emails. 

Over 800 million WordPress-linked records are leaked in this misconfigured cloud database. There are many internal documents leaked that should not be available to the general public in the monitoring and file logs. 

Multiple references to DreamHost were discovered upon further study. The well-known hosting company for over 1.5 million websites is also an easy way to install, the famous WordPress blog platform. DreamPress is Dream Host’s Managed WordPress hosting, as per their website. It’s a scalable solution that can administer WordPress websites for users. 

They uncovered 814 million records from the managed WordPress hosting company DreamPress, which appeared to be from 2018. 

Allegedly, there were administration and user data in the 86GB database, containing URLs for WordPress login, first and last names, email addresses, user names, roles, IP addresses of the Host, time stamps, and settings and security information. 

Fowler said that some of the disclosed data were associated with users using .gov and .edu email addresses.