Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Sky may have suffered a major network breach

Image Description

Cybersecurity researchers have found what appears to be a configuration file hosted on a domain hosted by the Sky media group, which apparently lists access credentials of production-level databases in plain text.

Discovered by CyberNews researchers during a threat intelligence gathering operation, the file appears to be the main configuration file of the application hosted on the ‘upliftmedia’ subdomain of Sky.com

In addition to plain text access credentials to databases, the file also contains addresses to development endpoints. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window

The researchers reported the issue to Sky last week, following which the configuration file was no longer accessible.

But, where’s the database?

The researchers claim the file was first indexed by an Internet of Things (IoT) search engine last month, which thankfully enforces a 30 day grace period during which the file is only available to white hat researchers.

Since the file wasn’t flagged or taken down, it became visible to everyone last week, after the expiration of the grace period.

“There’s no way to tell what data is being stored on the production server. With that said, exposed configuration files can serve as quick infiltration shortcuts for ransomware groups that could take a company’s servers and data hostage,” note the researchers who found the credentials, but not the database itself.

They add that threat actors are always on the lookout for such misconfigurations, and capitalize on the mistakes and oversights by companies of Sky’s size and importance, and contend that anyone who knew where to look could have accessed the data using the authentication credentials listed in the configuration file.

TechRadar Pro has contacted Sky for comment.

Date

11 Oct 2021

Sources


Share


Other Blog

  • Turns out a lot of us are really bad at behaving on Zoom calls

    After another bumper year for video calls across the world, Zoom has released a series of somewhat surprising facts about some of the oddest facts it has gathered about users in 2021.

    The video conferencing platform carried out a global survey and combined the results with its own internal insights to show how we really used Zoom - with some particularly odd findings.

    This includes over half (53%) of Zoom users saying it was OK to eat during meetings, 42% saying they have made a call from their beds, and over a quarter (26%) saying they almost never showered before going on a call.

    Zoom in 2021

    Covering the period of November 15 2020 to November 15 2021, the company's survey discovered that Wednesday was the most popular day of the week for Zoom calls, followed by Tuesday and Thursday.

    The average length of a Zoom call was a whopping 54 minutes, with the average meeting size found to be 10 participants.

    Zoom, which was used in nearly 200 countries and territories around the world, also found that January 21 2021 was the busiest day of the year for virtual meetings, with February 25 the most popular day for webinars.

    Elsewhere, nearly three-quarters (71%) of Zoom users have had to say the phrase "you're on mute" at some point in the last 12 months, with 57% needing to ask if everyone on a call could see their screen.

    75% of users said they waved goodbye at the end of their meetings, with outdoor landscapes (26%) proving slightly more popular than blurred backgrounds (25%) or company logos (20%).

    Just under half (43%) confessed to only cleaning the part of the room visible on camera, with the same number (43%) of parents having a child show up during a meeting, and 36% saying they have had a pet show up during a meeting.

    Read More
  • Microsoft Edge is getting a major security upgrade, but only if you have the right hardware

    Microsoft is adding support for Control-Flow Enforcement Technology in Edge to make its private browsing mode even safer.

    Read More
  • New Samsung Galaxy Book Pro laptops may include some exciting features

    Reports suggest Samsung is working on two Galaxy Book Pro laptops.

    Read More
  • New iPad mini 2021 doesn't support the same 5G tech as iPhone 13 or iPad Pro

    Apple's new iPad mini is capable of connecting to 5G networks, but it doesn't work with mmWave 5G.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us