February 2017: The month in hacks and breaches

An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.

On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.

Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later,” Lucian Constantin reported.

The month wrapped up with a breach impacting more than 800,000 user accounts from CloudPets, purveyor of smart teddy bears. The culprit: an unsecured, publicly exposed MongoDB database.

But that wasn't all the news from February. Register now to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.
