February 2017: The month in hacks and breaches
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.
Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability’s existence until a week later,” Lucian Constantin reported.
The month wrapped up with a breach impacting more than 800,000 user accounts from CloudPets, purveyor of smart teddy bears. The culprit: an unsecured, publicly exposed MongoDB database.
But that wasn’t all the news from February. Register now to see a timeline of last month’s hacks and breaches, compiled by application security provider Checkmarx.