Every week there seems to be a news story about another massive data breach with millions—and sometimes billions—of records containing personal data lost or stolen. We regularly hear about cyberattacks involving brute-forcing secure logins or exploiting software flaws, but there’s a new segment of the cybercriminal economy that’s growing fast: attackers who target companies that have unintentionally left data out in the open via misconfigured databases.
According to the 2020 Verizon Data Breach Investigations Report (DBIR), 17 percent of all data breaches in 2020 were caused by human error—twice as many as in 2019. Databases are not immune to this problem, and the vast majority of public databases found on the internet are put there by accident. When the data is available on the internet, it can be stolen by anyone with nefarious intentions.