Website builder Ucraft leaks data of hundreds of thousands of users

Another day, another misconfigured database

Hundreds of thousands of users of a popular website builder firm may have had their personal information leaked online due to shoddy security practices, a new report has revealed.

Researchers from Cybernews found that a publicly accessible Google Cloud Storage bucket belonging to website building and design tools firm Ucraft kept sensitive client data in it for years.

Created by an Armenian IT services company, the bucket was eventually discovered by malicious actors, and its contents were grabbed and distributed on the dark web.

Ucraft breach

According to the report, Ucraft reportedly kept sensitive user information dating back to 2018, covering “hundreds of thousands of users”. The data included unredacted domain registration information (email addresses, phone numbers, names, and postal addresses), user email addresses, hashed passwords, old passwords, transaction data and partial credit card details, as well as database hosts and database names for client sites.

Subsequent investigation revealed that a threat actor also discovered the bucket in March 2023, and exfiltrated whatever data it found there. The stolen information was posted on a hacker forum in early January 2024, which was what prompted Cybernews to investigate in the first place.

Ucraft has yet to comment on the findings, but the Cybernews team says they reached out to the bucket owners and warned them of the security lapse, with the database subsequently locked down.

Unprotected and misconfigured databases remain one of the most common reasons for data leaks and breaches. Almost every day, security researchers stumble upon major databases, often belonging to large enterprises, hosting sensitive information for years. In many instances, the databases get discovered after a routine internet scan with tools such as Shodan.

Leaked information such as this can lead to a whole host of malicious activity, from identity theft to credential stuffing and account takeovers. Many phishing attacks start with data leaks such as this one, as they allow hackers to create convincing, tailored phishing emails.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
