Misconfigured server inadvertently leaks Lorenz ransomware data

Names, email addresses, and online form subject lines of individuals who contacted the Lorenz ransomware group between June 3, 2021 and Sept. 17, 2023 were accidentally leaked due to a misconfigured Apache2 web server, according to The Register. The misconfiguration led to the exposure of back-end PHP code from the group's login form, said security researcher htmalgae, who discovered and published the leaked data. While most of the affected individuals used aliases and Proton Mail email addresses, some of the exposed data was noted to have come from reporters, security researchers, and financial service workers.

"It was probably one of the easiest leaks I've discovered so far. During my daily sweep of all the ransomware shame sites, I came across Lorenz's broken contact form. It was really as simple as viewing the source on the page and copy-pasting the leaked file path. It was pretty much placed in my lap, I didn't even need to do a vulnerability scan," said htmalgae.
