It was a vast operation, spanning the entire globe.
With this information, we were able to expose their operation.
Incident Summary
- Note: these figures are from the period June - September 2020.
All the data stored in the database from before this time was wiped in a cyberattack.
We believe many more people were victims of the scam before this.
Meow has been successfully targeting many unsecured Elasticsearch databases in recent months and wiping their data.
But rare are these times.
Most often, it takes days of investigating before we understand what's at stake or who's leaking the data.
Early in our investigation, we contacted Facebook to notify the company of our discovery and present our initial findings.
The database went offline the same day and was no longer accessible.
We believe the fraudsters did this following the Meow attack, but can't confirm.
Finally, the victim was redirected to the Google Play page for an unrelated Facebook analytics app.
In this phase, the fraudsters hoped to direct people to a huge Bitcoin fraud scheme.
However, the fake news websites created by the fraudsters all eventually directed people to their Bitcoin websites.
At this point, their money would be gone forever, stolen by the fraudsters.
This included:
This massive amount of data came from a short timeframe: June to September 2020.
However, the scam was probably much more extensive and had been operating for far longer.
At the time Shodan registered it, the database contained 11GB of additional data potentially related to the scam.
However, new data started appearing immediately after the attack until the database was secured later that day.
It’s possible the exposed database was part of a much bigger operation.
It’s possible for you to also use our password meter to ensure your current passwords are strong enough.
Never provide usernames and passwords for Facebook, email, or financial accounts to external websites.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
It shows you the many ways cybercriminals target internet users and the steps you could take to stay safe.
Each identified weakness is thoroughly probed for any signs of data leakage.
Our team was able to access this database because it was completely unsecured and unencrypted.
The fraudsters were using an Elasticsearch database, which is ordinarily not designed for URL use.
These ethics also mean we carry a responsibility to the public.
Facebook users must be aware of scams targeting them.
The purpose of this web mapping project is to help make the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
This has included a state in India exposing data for millions of Covid-19 patients in the country.