Attackers will try to use the stolen passwords to perform a credential stuffing attack, where they use the information to attempt to login to multiple sites in hopes that someone used the same password for a more valuable account such as email, social media, online banking or tax preparation. Users are highly recommended to create passwords that are unique to the login and complex through the use of numbers, special characters, and both uppercase and lowercase letters that are not words or names. There are a multitude of password managers available that can assist in picking strong passwords and recording passwords for later retrieval by the user. For companies that use Internet-connected databases, they should perform routine security audits to ensure that they have followed recommended procedures including encryption of data and protecting the server’s administrator accounts with strong passwords and multi-factor authentication. Another best practice to employ for database servers is to limit the IP addresses that can connect to them using strong firewall rules to allow connections from only the web servers that need to access the data, and then only through a validated certificate, strong password or API key.

Source Article: https://www.infosecurity-magazine.com/news/misconfigured-cloud-server-exposes/