Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Profile
    • Privacy & Cookie Policy
    • Terms of Use
    • Contact Us
    • Advertising
    • Submit Post
    • Latest News
    • Research Reports
    • Press Release
    • Awards▾
      • About the Awards
      • Awards TimeTable
      • Submit Nominations
      • Testimonials
      • Media Room
      • Award Winners
      • FAQ
    • Magazines▾
      • Global Banking & Finance Review Magazine Issue 79
      • Global Banking & Finance Review Magazine Issue 78
      • Global Banking & Finance Review Magazine Issue 77
      • Global Banking & Finance Review Magazine Issue 76
      • Global Banking & Finance Review Magazine Issue 75
      • Global Banking & Finance Review Magazine Issue 73
      • Global Banking & Finance Review Magazine Issue 71
      • Global Banking & Finance Review Magazine Issue 70
      • Global Banking & Finance Review Magazine Issue 69
      • Global Banking & Finance Review Magazine Issue 66
    Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

    Global Banking & Finance Review® is a leading financial portal and online magazine offering News, Analysis, Opinion, Reviews, Interviews & Videos from the world of Banking, Finance, Business, Trading, Technology, Investing, Brokerage, Foreign Exchange, Tax & Legal, Islamic Finance, Asset & Wealth Management.
    Copyright © 2010-2026 GBAF Publications Ltd - All Rights Reserved. | Sitemap | Tags | Developed By eCorpIT

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    Home > Business > Why open databases are easy pickings for cyber criminals
    Business

    Why open databases are easy pickings for cyber criminals

    Published by maria gbaf

    Posted on December 28, 2021

    5 min read

    Last updated: January 28, 2026

    Image of Kim Leadbeater addressing the media about proposed changes to the UK's assisted dying law, emphasizing the removal of High Court judge sign-off to enhance the legislative process.
    Lawmaker Kim Leadbeater discusses UK's assisted dying law changes - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Quick Summary

    Open databases are highly vulnerable to cyber attacks due to lack of security controls, leading to significant data breaches and financial losses.

    Why Open Databases Are Vulnerable to Cyber Attacks

    By David Sygula, Senior cybersecurity analyst at CybelAngel

    A truly colossal amount of personal data is routinely leaked or stolen on a daily basis. Research has found that over 36 billion records were exposed in 2020 alone.

    Many of these breaches were the result of highly sophisticated cyber attacks that are difficult for even the most well-protected firms to stop. But the truth is that countless records are left exposed online, requiring a criminal to do little more than locate them to cause a breach.

    The biggest issue is open databases, which are believed to be the cause of 86 percent of all publicly accessible sensitive data sets. These are databases which have been set up with no security controls, often lacking even a basic username/password requirement, which means they are freely accessible to anyone who can locate them. These misconfigurations are responsible for 67 percent of enterprise data breaches.

    Open data is like chum in the water for cyber criminals, and likely to be found and raided by attackers quickly and repeatedly. So how damaging are exposed databases, and what can be done to secure them?

    The mounting cost of unsecured data

    Some of the largest breaches in recent times have stemmed from unsecured public databases. In June it was discovered that a database of 815 million records was left unprotected by web hosting company DreamHost. Last year, BlueKai, a data analysis platform owned by Oracle was found to have left potentially billions of records exposed through an unsecured server.

    Such breaches can be cripplingly expensive for the data holder. The average cost of a breach involving 40-50 million records was estimated to be $364 million in 2020, an increase of $19m from the year before. The average cost in 2020 jumped to $388 million for incidents involving more than 50 million records.

    Alongside the obvious motivation of financial gain open databases may also be targeted by “Meow” attacks, which are thought to be a form of radical advocacy for data privacy. Data is completely deleted from the unsecured database, without an accompanying threat or ransom. The unusual name comes from the fact the original index is given a new name ending in ‘meow’. One of the first prominent Meow attacks hit UFO VPN, which had previously made the headlines due to another breach that exposed customer data that had been stored in plaintext.

    Whether misguided activism or simply a prank, these attacks are less damaging than criminal theft, but still problematic for the organisation. Not only do they have to contend with the repercussions of data loss, but the very nature of the attack makes it more difficult to identify the security vulnerabilities that were the root cause of the attack.

    Why are databases left exposed?

    Attackers can quite easily sniff out public databases using automated scanning tools. If the misconfiguration extends to a lack of any form of security control, they will simply be able to access the datasets immediately and copy, encrypt or delete as desired. Even when username/password measures are in place, they are often minimal at best, using common combinations or credentials that have been stolen in previous breaches.

    Research found indicates that MongoDB databases are the ones often hit by criminals as they are left publicly discoverable online and unprotected. However, this is likely due, in part, to the popularity of MongoDB rather than a particular failing, and these issues are common across most database types. We also found the majority of database security failings stem from third party and open source software.

    However, while technology is a key factor in database exposure, it is human error that tends to have the greatest impact. Common issues such as publicly discoverable databases that lack password protection will likely be the result of personnel that lacked the time, resources or knowledge to configure them correctly when they were first created. Similarly, neglecting routine tasks such as applying update patches will leave databases vulnerable to new malware and attack techniques.

    Minimising the risk

    It is accepted wisdom that some security breaches are unavoidable. An attack exploiting an unknown unknown is extremely difficult to detect and prevent before damage is inflicted. The majority of breaches involving databases however are the opposite.

    The main principle for effective database security is getting the basics right. Fundamental steps such as disabling a cloud database so that it is not publicly discoverable and ensuring that effective access controls are in place need to be completed every time any asset goes online. Likewise, good security hygiene around things like patch applications and credential reuse need to be followed to keep databases secure.

    To achieve this, firms not only need to have the right processes and tools in place, but also ensure that staff have the training and capacity to carry them out. Businesses need to make a judgement call whether it is best for them to develop these skills internally or outsource to a specialist.

    Organisations can also take steps to ensure their current IT estate is properly hidden and protected. Comprehensive IP scanning can help to detect leaks of sensitive and mission critical data, revealing databases that have been left publicly discoverable, as well as data that has already been breached. Ideally this should cover other assets such as OT, IoT, cloud applications and code repositories – anything that can potentially host sensitive data and is exposed to the internet.

    Firms also need to detect signs of attempted and successful attacks as quickly as possible, improving their chances of disrupting the kill chain early into the attack.

    With so much data already out in the world, and so many relentless threat actors targeting it, the staggering number of records breached every year is unlikely to go down any time soon. By taking the time to get the basics right and building a strategy around quickly detecting and preventing breaches, organisations can minimise their chances of becoming yet another breach statistic.

    Key Takeaways

    • •Open databases lack basic security controls.
    • •86% of sensitive data sets are exposed due to open databases.
    • •Misconfigurations lead to 67% of enterprise data breaches.
    • •Human error is a major factor in database exposure.
    • •Meow attacks highlight data privacy advocacy.

    Frequently Asked Questions about Why open databases are easy pickings for cyber criminals

    1What is the main topic?

    The article discusses the vulnerability of open databases to cyber attacks and their role in data breaches.

    2Why are open databases vulnerable?

    They often lack basic security measures, making them easy targets for cyber criminals.

    3What are Meow attacks?

    Meow attacks delete data from unsecured databases as a form of data privacy advocacy.

    More from Business

    Explore more articles in the Business category

    Image for Empire Lending helps SMEs secure capital faster, without bank delays
    Empire Lending helps SMEs secure capital faster, without bank delays
    Image for Why Leen Kawas is Prioritizing Strategic Leadership at Propel Bio Partners
    Why Leen Kawas is Prioritizing Strategic Leadership at Propel Bio Partners
    Image for How Commercial Lending Software Platforms Are Structured and Utilized
    How Commercial Lending Software Platforms Are Structured and Utilized
    Image for Oil Traders vs. Tech Startups: Surprising Lessons from Two High-Stakes Worlds | Said Addi
    Oil Traders vs. Tech Startups: Surprising Lessons from Two High-Stakes Worlds | Said Addi
    Image for Why More Mortgage Brokers Are Choosing to Join a Network
    Why More Mortgage Brokers Are Choosing to Join a Network
    Image for From Recession Survivor to Industry Pioneer: Ed Lewis's Data Revolution
    From Recession Survivor to Industry Pioneer: Ed Lewis's Data Revolution
    Image for From Optometry to Soul Vision: The Doctor Helping Entrepreneurs Lead With Purpose
    From Optometry to Soul Vision: The Doctor Helping Entrepreneurs Lead With Purpose
    Image for Global Rankings Revealed: Top PMO Certifications Worldwide
    Global Rankings Revealed: Top PMO Certifications Worldwide
    Image for World Premiere of Midnight in the War Room to be Hosted at Black Hat Vegas
    World Premiere of Midnight in the War Room to be Hosted at Black Hat Vegas
    Image for Role of Personal Accident Cover in 2-Wheeler Insurance for Owners and Riders
    Role of Personal Accident Cover in 2-Wheeler Insurance for Owners and Riders
    Image for The Young Rich Lister Who Also Teaches: How Aaron Sansoni Built a Brand Around Execution
    The Young Rich Lister Who Also Teaches: How Aaron Sansoni Built a Brand Around Execution
    Image for Q3 2025 Priority Leadership: Tom Priore and Tim O'Leary Balance Near-Term Challenges with Long-Term Strategic Wins
    Q3 2025 Priority Leadership: Tom Priore and Tim O'Leary Balance Near-Term Challenges with Long-Term Strategic Wins
    View All Business Posts
    Previous Business PostThree cybersecurity predictions for 2022
    Next Business PostFauci says U.S. should consider domestic flight vaccine mandate; more planes grounded