30 Million protected links exposed by 'safe' link-sharing provider

Security (Pexels, general use)

Cybernews research found that a safe-linking service accidentally leaked millions of links that were meant to be private and exposed who created them. Researchers discovered that Safelinking.net, a platform designed to protect and manage links, had publicly leaked a tremendous amount of user data that was supposed to be protected. Apart from making 30 million private links public, the platform also exposed the account data of over 156,000 users.

Safe linking services allow you to create protected links with various safety controls, such as passwords, PINs, IP address limitations, or real-time URL scanning, to secure access and protect users from malicious links.

Microsoft and Google integrated safe linking into their products long ago. For those who do not subscribe to the tech giants' solutions, there are platforms on the internet that provide similar services. However, using third-party services can pose risks, particularly when human error occurs.

What data was leaked?

  • Usernames
  • Emails
  • Encrypted passwords with salt, and API hashes
  • Notification settings
  • Security settings associated with the links
  • Social media account IDs
  • Protected links

Malicious bots find the data

The leak was caused by a poorly configured and passwordless MongoDB database. After investigating the leak, the research team discovered traces of malicious bots that had already targeted the unprotected database.

Misconfigured MongoDB databases are often targeted by automated bots, which insert README notes with a ransom demand. If the database owner does not pay the ransom, the bots destroy the database's content by sending a "delete" command.
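The two settings whose absence produces exactly this kind of exposure (an instance that listens on every interface and accepts unauthenticated clients) can be checked in a mongod.conf before deployment. The following is an added example, not code from the article or from Safelinking; it assumes a YAML-style mongod.conf using only `section:` / `key: value` lines with two-space indentation, which is enough for the settings checked here.

```python
# Added example (not from the article): flag the two mongod.conf settings
# whose absence leaves a MongoDB instance reachable and passwordless from
# the internet. Assumes the simple indented YAML subset mongod.conf uses.

def parse_simple_yaml(text):
    """Parse the indented 'section:' / 'key: value' subset used by mongod.conf."""
    root, stack = {}, [(-1, {})]
    stack[0] = (-1, root)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:             # climb back to the enclosing section
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit_mongod_config(text):
    """Return a list of findings; an empty list means both controls are in place."""
    cfg = parse_simple_yaml(text)
    findings = []
    auth = cfg.get("security", {}).get("authorization", "disabled")
    if auth.lower() != "enabled":
        findings.append("security.authorization is not 'enabled': anyone who can "
                        "reach the port can read, insert and drop collections")
    # mongod binds to localhost by default since 3.6, but older builds and some
    # container images bind all interfaces, so check the explicit value.
    bind_ip = cfg.get("net", {}).get("bindIp", "127.0.0.1")
    if any(ip.strip() in ("0.0.0.0", "::") for ip in bind_ip.split(",")):
        findings.append(f"net.bindIp={bind_ip}: listens on every interface")
    return findings

# Constructed configs: the weak setting beside the corrected one.
WEAK_CONF = """\
net:
  bindIp: 0.0.0.0
"""
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""
```

Running `audit_mongod_config(WEAK_CONF)` yields two findings and `audit_mongod_config(HARDENED_CONF)` yields none; a bind address restricted to localhost or an internal network plus enabled authorization is what keeps scanning bots from reaching the data in the first place.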

Such a note was discovered in the leaked database belonging to Safelinking. The note demanded payment of 0.0057 BTC, which at the time of publishing, was nearly $660. "In 48 hours, your data will be publicly disclosed and deleted," reads the ransom note.

Following the ransom demand, a malicious bot destroyed the open database, which is no longer publicly accessible. We have contacted the company for a comment, but we have yet to receive a response. More details about that research can be read here.
