Massive information leak stemming from open directory listings detailed

CyberScoop reports that millions of files that may have sensitive information have been exposed by 314,000 internet-connected devices and servers with open directory listings, indicating potential significant exploitation. Database backups were present in hundreds of indexed devices while millions of files with usual spreadsheet file extensions were apparent in others, a Censys report revealed. Data potentially exposed by the open directories may include financial information, network packet capture files, and authentication and credential information, according to researchers. "From our perspective, this data indicates that there is a potential goldmine of database-related information exposed on the internet that could be used by malicious parties to exploit weaknesses, compromise sensitive information, and launch targeted attacks," said researchers. The severity of data exposure from open directory listings was also emphasized by Stairwell security researcher and Ransomware Task Force member Silas Cutler. "For defenders, open directories can inadvertently expose sensitive information like development artifacts, backups, and other sensitive information," Cutler added.