Cybernews researchers discovered that Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers for 87 days. The exposed sensitive data could spell trouble if accessed by bad actors.
Unprotected databases are common in the wild. They are usually the result of carelessness. For example, database admins may remove credentials to make it easier to connect via the internet, and then forget to put them back.
When the Cybernews team found the open database, it had more than 226 million logged events and measured 1.2 Terabytes in size. It contained device usernames with employee names or emails. This information enables potential cyber criminals to identify which employees were working at a given time and which devices they were using.
The database exposure began on July 8, 2023, and access to the database was evantually cut on October 6, 2023.
Read more about it here.