30 Million WordPress User Data Leaked By Canadian Cloud Accounting Company

FreshBooks, leaked the credentials, source code, and backups of the WordPress admin servers of its 30 million users. (photo: doc. pexels)

JAKARTA - Canada-based cloud accounting software company FreshBooks, leaked the credentials, source code, and server backups of the WordPress admin of its 30 million users.

As a result, companies pave the way for threat actors to hijack their websites. This, of course, will impact its more than 30 million users, in more than 160 countries around the world at risk of identity theft and other cyber crimes.

Cybernews research team on January 20, discovered FreshBooks' publicly accessible AWS Storage basket. Although it mostly stored images and metadata of the company's blog, among the leaked data, were backups of the website's source code and associated databases.

When researching deeper, the researcher found that one of the databases contained information about the site, its configuration, and 121 WordPress user data.

The data includes names, usernames, email addresses, and hashed passwords from administrators, authors, and site editors.

Leaked passwords are hashed using the WordPress MD5/phpass hashing algorithm, which is easy to crack thereby making user accounts vulnerable to piracy.

With this information, Cybernews researchers say, threat actors can access a website's backend and make unauthorized changes to its content.

They can analyze source code, understand how websites work, and find other vulnerabilities to sell or exploit. The researcher also identified the 2019 server backup as harboring at least five vulnerable plugins installed on the website at that time.

In other scenarios, they can install malicious software, move laterally across networks, and steal sensitive data.

However, there is a caveat to exploiting the vulnerability, on the website login page to the admin panel is indeed secured and not accessible to the public, as reported by TechRadar, Tuesday, April 11.

Even so, attackers can still bypass this security measure by connecting to the same network as the website or finding and exploiting a vulnerable WordPress plugin.

Cybernews researchers urged FreshBooks to consider the implications of the leaked data and respond quickly to address exposure to the data.

This includes changing all login credentials associated with websites, monitoring suspicious activity, conducting thorough security audits, and implementing two-factor authentication (2FA).

As well as notifying affected users about the leak. The company has fixed the vulnerability after being contacted by Cybernews.