Today I want to bring you an international-level cybersecurity event! In 2024, an environmental document from Saudi Arabian Ministry of Industry and Mineral Resources was publicly accessible on the internet for fully 15 months. This is not an ordinary document leak, it involves the main government system data!
The leaked document directly exposed the "digital defense line" of Saudi Arabia. Environmental documents included SMTP email protocol credentials, MySQL database passwords, Laravel encryption keys, and even the real-time Redis data were made public! These are the "universal keys" for hacker intrusion. We can imagine if it is still used by the hackers, they can impersonate government officials to send phishing emails, steal private citizen data, or even directly control the key industrial systems.
More frightening is that this data has been exposed for fully 15 months! From being indexed by search engines in March 2022 to being taken down in January 2024, it means that Saudi Arabia's industrial secrets have been exposed on the internet for over a year. Although MIM urgently remedied it, researchers warned: "Hackers might have already penetrated the internal network and ready to launch ransomware attacks or data breaches at any time."
Let me remind you again, whether it is enterprises or individuals, any file may seem ordinary, but in fact, it is the very important part of system security. The incident of Saudi Arabia tells us that even the most powerful strategic planning also needs to build a solid digital defense line. Otherwise, all the effort was wasted overnight!
Original source:https://www.anquanke.com/post/id/292482
