Researchers at Sansec studied 2,037 online stores and found that roughly 12% of them had backups exposed in publicly accessible directories. The backup data typically consists of ZIP, SQL, and TAR files. These backups often include database passwords, hidden administration URLs, API keys, and even customer data.
Because this issue is sometimes a blind spot for administrators, threat actors scan the web attempting to discover these backup directories in order to compromise the associated websites. Online stores are valuable targets for attackers because they present the opportunity to intercept payments from customers. The desirability of this type of attack is compounded by the relative ease of performing long-term scans for backup data on target websites.
Administrators of websites, and especially online stores, should regularly evaluate possible data exposure on their sites. Whenever an administrator finds sensitive data exposed, passwords should be rotated not only for users but for databases as well. Enabling two-factor authentication (2FA) can help mitigate any exposure of administrator login information. Analyzing the logs of the web-server software in use can reveal unusually high activity from individual IP addresses. Rate limiting based on IP addresses and using security software like Fail2ban can help slow down attackers attempting to find exposed data.
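The log review described above can be sketched as follows. This is an added example, not code from Sansec or the original article; it assumes the common/combined access-log format, and the sample log lines, the threshold, and the compressed-archive extensions are constructed for illustration.

```python
import re
from collections import defaultdict

# ZIP, SQL and TAR are the types named above; the compressed variants are an assumption.
BACKUP_RE = re.compile(r"\.(zip|sql|tar|tar\.gz|tgz|sql\.gz)$", re.IGNORECASE)
# Common/combined access-log format: ip, ident, user, [time], "request", status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.23 - - [10/Jan/2025:03:13:58 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [10/Jan/2025:03:14:01 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jan/2025:03:14:01 +0000] "GET /db.sql HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jan/2025:03:14:02 +0000] "GET /www.tar.gz HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [10/Jan/2025:03:14:02 +0000] "GET /store.sql HTTP/1.1" 200 48211904 "-" "-"
198.51.100.23 - - [10/Jan/2025:03:14:05 +0000] "GET /checkout/cart HTTP/1.1" 200 2048 "-" "-"
this line is malformed and is skipped
"""

def analyze(log_text, probe_threshold=3):
    """Return (scanners, served): IPs probing many backup names, and backups actually served."""
    probes = defaultdict(set)   # ip -> distinct backup-style paths requested
    served = []                 # (ip, path) where a backup-style file was returned
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # ignore lines that do not parse
        path = m["path"].split("?", 1)[0]   # drop any query string
        if not BACKUP_RE.search(path):
            continue
        probes[m["ip"]].add(path)
        if m["status"] in ("200", "206"):   # full or partial content delivered
            served.append((m["ip"], path))
    scanners = {ip: sorted(paths) for ip, paths in probes.items()
                if len(paths) >= probe_threshold}
    return scanners, served

if __name__ == "__main__":
    scanners, served = analyze(SAMPLE_LOG)
    for ip, paths in scanners.items():
        print(f"possible backup scan from {ip}: {len(paths)} distinct paths")
    for ip, path in served:
        print(f"EXPOSED: {path} was served to {ip}")
```

Addresses returned in `scanners` are candidates for rate limiting or a Fail2ban rule; any entry in `served` means a file with a backup extension was returned to the client, so the credential rotation described above applies.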