800+ Million WordPress Users Records Leaked Online

On 16 April 2021, security researcher Jeremiah Fowler together with the Website Planet Research Team revealed a non-password secured database with less than one billion records. The leaked documents included WordPress account user names, display names, and emails. 

Over 800 million WordPress-linked records are leaked in this misconfigured cloud database. There are many internal documents leaked that should not be available to the general public in the monitoring and file logs. 

Multiple references to DreamHost were discovered upon further study. The well-known hosting company for over 1.5 million websites is also an easy way to install, the famous WordPress blog platform. DreamPress is Dream Host’s Managed WordPress hosting, as per their website. It’s a scalable solution that can administer WordPress websites for users. 

They uncovered 814 million records from the managed WordPress hosting company DreamPress, which appeared to be from 2018. 

Allegedly, there were administration and user data in the 86GB database, containing URLs for WordPress login, first and last names, email addresses, user names, roles, IP addresses of the Host, time stamps, and settings and security information. 

Fowler said that some of the disclosed data were associated with users using .gov and .edu email addresses. 

Nevertheless, within hours of receiving a timely notice by Dream Host from Fowler, the database was secured. 

However, the study stated the duration of exposure was not apparent, and users could be in danger of phishing. Threat actors that scan for unprotected databases such as this have also seized and ransomed the data contained within. 

Fowler also pointed out “actions,” for example domain registers and renewals, in a database record.

“These could potentially give an estimated timeline of when the next payment was due and the bad guys could try to spoof an invoice or create a man-in-the-middle attack,” he argued. “Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration.” 

This type of problem becomes increasingly widespread due to the complexity of modern cloud environments.