
What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024

Publicly exposed PostgreSQL and MySQL databases with weak passwords are being autonomously wiped out by a malicious extortion bot – one that marks who pays up and who is not getting their data back.

Origin unknown, the bot is routinely breaching poorly protected databases within hours of exposure to the internet, according to security researchers at Border0.

In repeated experiments that involved running a PostgreSQL server on a VM with weak credentials (user: postgres, password: password), the bot successfully compromised the dummy databases multiple times a day.

Read More on The Register