How quickly does an unprotected database get found online? Less than 9 hours

A server rack with its security door unlocked in a data center.
(Image credit: Timofeev Vladimir/Shutterstock)

What happens when a database full of vital personal information is left unprotected on the internet? Potential data thieves find it within hours, says hybrid tech blog/research team/VPN affiliate reseller Comparitech.

On May 12, Comparitech spun up a "honeypot" server containing fake user data and left it without adequate password protection to attract thieves, explained the site's Paul Bischoff in a blog post earlier this week. 

"We wanted to find out how fast data can be compromised if left unsecured," Bischoff wrote.

Over the next 11 days, the honeypot server was accessed 175 times, with the first try coming eight hours and 35 minutes after the server went online. More than three dozen intrusions were made over the next four days. 

The Shodan search engine indexed and listed the server on May 16, and 22 more accesses were made in the following 24 hours.

This research is admittedly self-serving, because Comparitech specializes in finding unprotected databases on the internet. Yet it's never been clear whether that matters, because security researchers can rarely tell if anyone else found an open server before they did or if any data was stolen.

To use a real-world analogy, if you find the front door to your home unlocked, but nothing seems to be missing, then how can you tell if anyone got in? Comparitech's study is like leaving the house door unlocked while setting up a surveillance camera across the street to monitor it.

Attacks or just queries?

Most of the "attackers" -- Comparitech's words, not ours, because accessing an unprotected database is not a crime -- were using IP addresses in the U.S., Romania and China. That doesn't mean they were physically located in those countries.

In fact, most of the "attacks" simply queried the database's status, which is no big deal. But some aimed to "mine cryptocurrency, steal passwords, and destroy data," Bischoff wrote.

The experiment came to an abrupt end May 22, when a real genuine attacker, probably a bot, "deleted the contents of the database and left a message with contact information and request for payment" in Bitcoin.

This wasn't exactly a scientific study. It's just one server in a one-time test that lasted less than two weeks. We don't know how many other honeypots, if any, Comparitech set up before it got the results it wanted. 

A more thorough study would set up many more servers in many different locations at many different locations over a longer period of time, then analyze how many servers get accessed and how frequently. Then we'd have a real idea of just how likely it is for unprotected sensitive data to get stolen.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
How to delete TikTok
TikTok has rolled out a vital new security feature — here's how to use it
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 20 (#648)
A phone with the Plex logo in front of an out-of-focus background of movie posters
Yikes! Plex is getting a price hike and this key feature is going behind a pay wall
Richard Gere in Arbitrage
5 must-see mystery movies on Prime Video you (probably) missed I'd stream right now
back of Iris Pixel 9a
Google Pixel 9a pre-orders delayed due to 'component quality issue' — here's when you can get one
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Sony A95K QD-OLED TV in front of windows in a living room
This new TV breakthrough looks like a game-changer for OLED TVs