On October 29, 2020, the Wizcase CyberResearch Team, led by Ata Hakcil, discovered that an Elasticsearch server owned by the company Polecat exposed about 30TB of record data online, with no authentication required to access the records and no form of encryption in place.
Polecat is a UK-based data agency that provides “a combination of advanced data analytics and human expertise, [to help] the world’s largest organizations achieve reputation, risk, and ESG (environmental, social, and governance) management success”, its official website reads.
The research team found records dating back to 2007 containing important information, including employees’ usernames and passwords, social media records, around 6.5 billion tweets, and around one billion posts that originated from independent websites and blogs.
Polecat’s cyber research team ‘Chase Williams’ reported the discovery in a blog post published on March 1, 2021.
The public information collected by Polecat is drawn from daily events and covers subjects such as Covid-19, politicians, firearms, racism, and healthcare. The Wizcase research team warned Polecat about the data ransom on October 30 and November 1, 2020. Nevertheless, it takes only seconds for an open, unsecured server or bucket to be traced and exploited by malicious actors, and this took place a day after the researchers’ findings.
“On October 30, a Meow attack was launched against the database. Meow attacks replace database indexes with the suffix ‘gg-meow’, leading to the destruction of swathes of data” Wizcase said.
It added: “approximately half of the firm’s records were wiped, and then in a second wave a further few terabytes of information were deleted. At this point, roughly 4TB remained in the server. Most of these records were then destroyed and a ransom note was spotted by the researchers that demanded 0.04 Bitcoin (BTC) – roughly $550 at the time – in return for the files’ recovery”.
The Wizcase research team warned about these types of scams, noting that such cyberattacks are usually automated and sent to many unprotected open databases.
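As an added example (not code from Wizcase or Polecat), the following Python script audits an Elasticsearch index listing for the ‘gg-meow’ suffix described in the quote above, and for expected indices that have gone missing or been emptied. The sample listing, the index names and the expected inventory are constructed, and the listing is assumed to be in the JSON form of the `_cat/indices` output.

```python
import json

# Suffix named in the Wizcase quote; adjust if your findings differ.
MEOW_SUFFIX = "gg-meow"

# Constructed sample in the shape of `GET _cat/indices?format=json`.
SAMPLE_CAT_INDICES = json.dumps([
    {"index": "tweets-2020.10", "docs.count": "0", "store.size": "208b"},
    {"index": "k3x9q2m1ab-gg-meow", "docs.count": "0", "store.size": "208b"},
    {"index": "blogs-2020.10", "docs.count": "184220", "store.size": "1.2gb"},
    {"index": "p0z7c4w8rt-gg-meow", "docs.count": "0", "store.size": "208b"},
])

# Constructed inventory of indices the operator expects to exist.
EXPECTED_INDICES = {"tweets-2020.10", "blogs-2020.10", "users"}


def audit_indices(cat_json, expected):
    """Compare an index listing with an expected inventory.

    Returns a dict with four sorted lists:
      meow       - indices whose name ends with the Meow suffix
      missing    - expected indices absent from the listing
      emptied    - expected indices present but holding zero documents
      unexpected - other indices that are not in the inventory
    """
    rows = json.loads(cat_json)
    present = {row["index"] for row in rows}
    meow = {name for name in present if name.endswith(MEOW_SUFFIX)}
    emptied = {
        row["index"] for row in rows
        if row["index"] in expected and row.get("docs.count") == "0"
    }
    return {
        "meow": sorted(meow),
        "missing": sorted(expected - present),
        "emptied": sorted(emptied),
        "unexpected": sorted(present - expected - meow),
    }


if __name__ == "__main__":
    report = audit_indices(SAMPLE_CAT_INDICES, EXPECTED_INDICES)
    for finding, names in report.items():
        print(f"{finding}: {names}")
```

Any non-empty `meow`, `missing` or `emptied` list is a reason to check whether the cluster is reachable without authentication and to restore from backups.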