


February 2017: The month in hacks and breaches

Mar 01, 2017

An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.


On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.

Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability’s existence until a week later,” Lucian Constantin reported.

The month wrapped up with a breach impacting more than 800,000 user accounts from CloudPets, purveyor of smart teddy bears. The culprit: an unsecured, publicly exposed MongoDB database.

But that wasn’t all the news from February. Scroll down to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.