Data from individuals who contacted the Lorenz ransomware group between June 3, 2021 and Sept. 17, 2023, including names, email addresses, and online form subject lines, were accidentally leaked due to a misconfigured Apache2 web server, according to The Register.
The misconfiguration exposed back-end PHP code from the group's login form, said security researcher htmalgae, who discovered and published the leaked data. While most of the affected individuals used aliases and Proton Mail email addresses, some of the exposed data came from reporters, security researchers, and financial service workers.
"It was probably one of the easiest leaks I've discovered so far. During my daily sweep of all the ransomware shame sites, I came across Lorenz's broken contact form. It was really as simple as viewing the source on the page and copy-pasting the leaked file path. It was pretty much placed in my lap, I didn't even need to do a vulnerability scan," said htmalgae.
BleepingComputer reports that vulnerable ConnectWise ScreenConnect servers affected by the CVE-2024-1708 and CVE-2024-1709 flaws have been subjected to numerous LockBit ransomware attacks since Feb. 21, as observed by Sophos X-Ops researchers.