Polecat, a UK-based data analytics company, provides clients with a wide range of advanced data analytics and human expertise tools. Sadly, this vendor, which focuses on ESG (environmental, social, governance) management solutions, has just become another victim of a data breach.
The incident was discovered on October 29, 2020 by Ata Hakcil, head of the security research team at Wizcase. Polecat was notified and quickly adjusted its security protections on November 2, but details of the event were not officially released until this week.
30TB of data leaked from unsecured server
According to the Wizcase researchers' analysis, an insecure Elasticsearch server used by Polecat exposed nearly 30 terabytes of data to the public internet. The server was not protected by authentication or any form of encryption. In other words, any internet user could access the records stored on it at any time.
Further investigation revealed that the server stored a large number of business records dating back to 2008. It held employee usernames and passwords, more than 6.5 billion tweets, more than 1 billion posts collected from various websites and blogs, and social media records.
Data breaches stem from human error
Much of the data exposed by Polecat related to topics such as politicians, healthcare, COVID-19, racism, and guns. If someone downloaded the data and sold it to a competitor, it would likely deal a heavy blow to Polecat's business.
The researchers believe that the incident was likely caused by human error.
“The server exposed a series of protected usernames and hashed passwords of Polecat employees, indicating that the company has normal data protection security awareness, so the server disclosure is likely due to human error.”
Meow attack against databases
Wizcase reported information about Polecat's data breach on October 30 and November 1 last year. However, because the server was not protected by any security measures, malicious actors were able to access the data within a day of obtaining the information.
According to Wizcase’s explanation in the blog post, “It is important to emphasize that these types of fraud/ransomware attacks are often automated and target a wide variety of open databases.”
On October 30, 2020, the database was hit by a round of Meow attacks, in which the attacker uses an automated script to scan for open, insecure databases and deletes them as soon as they are found. In this attack, the database's indices were replaced with ones carrying a gg-meow suffix, destroying a large amount of data. Polecat lost nearly half of its records as a result.
A second wave of Meow attacks then did another round of damage to the data. Today, only 4 TB of intact data remains on the server. The researchers also found ransom notes demanding a payment of 0.04 bitcoin (about $550) from Polecat to recover the data.
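The index replacement described above can be spotted by comparing two inventories of a cluster's indices. The following is an added example, not code from Wizcase or Polecat: it diffs two constructed listings in the shape of Elasticsearch's `_cat/indices?format=json` output and flags vanished indices, meow-suffixed newcomers, and the share of documents lost. The index names, counts, and the 25% alert threshold are assumptions.

```python
import json

MEOW_SUFFIX = "-meow"  # assumption: covers the "gg-meow" suffix the article describes

# Constructed samples shaped like `GET _cat/indices?format=json` (counts are strings).
BEFORE = json.loads("""[
  {"index": "tweets-2019", "docs.count": "4000000"},
  {"index": "tweets-2020", "docs.count": "2500000"},
  {"index": "blog-posts",  "docs.count": "1000000"},
  {"index": "employees",   "docs.count": "500"}
]""")
AFTER = json.loads("""[
  {"index": "tweets-2019",   "docs.count": "4000000"},
  {"index": "employees",     "docs.count": "500"},
  {"index": "k3x9q1gg-meow", "docs.count": "1"},
  {"index": "p0z7w2gg-meow", "docs.count": "1"}
]""")


def doc_counts(listing):
    """Map index name -> document count; a null or missing count becomes 0."""
    return {row["index"]: int(row.get("docs.count") or 0) for row in listing}


def compare_snapshots(before, after, loss_threshold=0.25):
    """Diff two index inventories and report signs of a wipe-and-replace attack."""
    old, new = doc_counts(before), doc_counts(after)
    missing = sorted(set(old) - set(new))
    markers = sorted(n for n in set(new) - set(old) if n.endswith(MEOW_SUFFIX))
    old_total = sum(old.values())
    # Count only documents in indices that already existed, so marker
    # indices created by the attacker cannot mask the loss.
    surviving = sum(min(new[n], old[n]) for n in old if n in new)
    loss = (old_total - surviving) / old_total if old_total else 0.0
    return {
        "missing_indices": missing,
        "meow_markers": markers,
        "doc_loss_ratio": round(loss, 4),
        "alert": bool(markers) or loss >= loss_threshold,
    }


if __name__ == "__main__":
    print(json.dumps(compare_snapshots(BEFORE, AFTER), indent=2))
```

In practice the two listings would be periodic snapshots taken by an authenticated monitoring account, with the alert feeding whatever restores from backup.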