A data breach caused by an unsecured server exposed some 30TB of business records. Cyber-attackers took advantage of the billions of records leaked online and made a ransom demand.
Polecat, a UK-based data analytics agency, harvests tons of public information every day, which tends to relate to subjects such as firearms, politicians, racism, Covid-19, and healthcare.
Back in October, the Wizcase CyberResearch Team notified Polecat of the data exposure. They discovered that Polecat’s Elasticsearch server was exposing some 30TB of data, with no authentication or encryption protecting access to the records.
According to Wizcase, the exposed records dated back to 2007 and included employee usernames and hashed passwords, billions of tweets and social media records, and over one billion posts from different blogs and websites, all of them vulnerable online.
On October 30, a day after Wizcase found the vulnerability and reported it to Polecat, hackers launched a Meow attack in which approximately half of the firm’s records were wiped. In a Meow attack, database indexes are replaced with ones carrying the suffix ‘gg-meow’, which renders swathes of data inaccessible.
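The following is an added example, not code from Wizcase or Polecat: a defender-side check that compares two index listings in the JSON shape returned by Elasticsearch's `_cat/indices?format=json` and flags indexes carrying the suffix quoted above, indexes that have vanished, and a sharp drop in document count. The index names, document counts and the 50% loss threshold are constructed assumptions.

```python
import json

# Suffix as quoted in the article; real-world naming may differ (assumption).
MEOW_SUFFIX = "gg-meow"

def parse_cat_indices(raw_json):
    """Map index name -> document count from `_cat/indices?format=json` output."""
    rows = json.loads(raw_json)
    # docs.count arrives as a string and is null for closed indexes.
    return {r["index"]: int(r.get("docs.count") or 0) for r in rows}

def compare_snapshots(before_raw, after_raw, loss_threshold=0.5):
    """Compare a known-good listing with a current one and report wipe indicators."""
    before = parse_cat_indices(before_raw)
    after = parse_cat_indices(after_raw)
    marker = sorted(n for n in after if n.endswith(MEOW_SUFFIX))
    missing = sorted(n for n in before if n not in after)
    docs_before = sum(before.values())
    # Marker indexes are excluded so they cannot mask the loss.
    docs_after = sum(c for n, c in after.items() if n not in marker)
    lost = max(0, docs_before - docs_after) / docs_before if docs_before else 0.0
    return {
        "marker_indices": marker,
        "missing_indices": missing,
        "doc_loss_ratio": round(lost, 3),
        "alert": bool(marker) or lost >= loss_threshold,
    }

# Constructed sample listings (hypothetical index names and counts).
BEFORE = json.dumps([
    {"index": "tweets-2019", "docs.count": "6000"},
    {"index": "blogs-2019", "docs.count": "3000"},
    {"index": "users", "docs.count": "1000"},
])
AFTER = json.dumps([
    {"index": "blogs-2019", "docs.count": "3000"},
    {"index": "users", "docs.count": "1000"},
    {"index": "x7k2q9gg-meow", "docs.count": "0"},
])

if __name__ == "__main__":
    print(json.dumps(compare_snapshots(BEFORE, AFTER), indent=2))
```

Run against periodic listings taken from a monitoring host, the check surfaces both the marker indexes and the data loss even when only one of the two signals is present.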
Polecat responded to Wizcase’s report only on November 2, and secured the server on that day. But Wizcase confirmed that the data breach took place and added that, in a second attack, the hackers destroyed a few more terabytes of information.
Roughly 4TB remained on the server after the two attacks. But most of it was destroyed or stolen in a subsequent attack, in which the attackers left a ransom note demanding 0.04 BTC, about $550 at the time, in return for recovery of the files.
The exposed information could be offered for sale on a public forum to competitors, which could affect Polecat’s business.
Chase Williams of Wizcase analyzed this incident from the beginning and detailed his findings in a blog post published today, March 1.