Data breach affects data analysis firm; hackers demand ransom to restore more than 30 TB of exposed information

Polecat, a data analytics firm, has suffered a data breach caused by a misconfigured server, which allowed threat actors to access more than 30 TB of information. According to its website, Polecat offers a combination of data analytics and human experience to help organizations around the world achieve successful management.

In late 2020, researchers at the security firm Wizcase detected a Polecat-linked Elasticsearch server that was exposing a large amount of information on the public Internet, with no authentication required and no encryption protecting it. The exposed records date back to 2007 and include details such as usernames, hashed passwords, billions of tweets and records from other social media platforms, blog posts, and websites.

The records collected by Polecat relate to all kinds of topics, including firearms, politics, racism and even the coronavirus and its consequences. Although the researchers reported the exposed information immediately, malicious hackers might have needed just a few minutes to access this information and download a copy using an attack variant known as MEOW.

A Meow attack consists of replacing the indexes of a database with ones carrying the suffix ‘gg-meow’, which can lead to the random destruction of a large amount of the information stored in the affected deployments. The researchers mention that about 50% of the information stored by Polecat would have been deleted in two consecutive attacks; eventually they found a ransom note in which the hackers demanded a Bitcoin transfer in exchange for returning the compromised information to its operators.
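As an added illustration (not code from Wizcase or Polecat), the following triage script shows how an operator could check an index listing for the ‘gg-meow’ suffix described above and measure how much of a known-good inventory has disappeared. It assumes the listing has the shape returned by Elasticsearch's `_cat/indices?format=json`; the index names, counts and baseline inventory are constructed for the example.

```python
import json

MEOW_SUFFIX = "gg-meow"  # suffix named in the article

# Constructed sample: a listing in the shape returned by
# GET /_cat/indices?format=json (all names and counts are made up).
SAMPLE_LISTING = json.dumps([
    {"index": "tweets-2019", "docs.count": "1200345", "store.size": "2.1gb"},
    {"index": "k3v9x1gg-meow", "docs.count": "1", "store.size": "4kb"},
    {"index": "q8w2z7gg-meow", "docs.count": "1", "store.size": "4kb"},
    {"index": ".kibana_1", "docs.count": "12", "store.size": "40kb"},
])

# Constructed baseline: the indices the operator expects to exist.
EXPECTED = {"tweets-2019", "blogs-2018", "users"}


def triage(listing_json, expected, suffix=MEOW_SUFFIX):
    """Compare a current index listing against a known-good inventory."""
    rows = json.loads(listing_json)
    present = {row["index"] for row in rows}
    # System indices start with a dot and are not part of the inventory.
    user_indices = {name for name in present if not name.startswith(".")}
    # Indices whose name ends with the suffix left behind by the attack.
    meow = sorted(n for n in user_indices if n.lower().endswith(suffix))
    # Expected indices that no longer exist (destroyed or renamed).
    missing = sorted(expected - present)
    # Anything else that is neither expected nor a meow index.
    unknown = sorted(user_indices - expected - set(meow))
    loss = len(missing) / len(expected) if expected else 0.0
    return {
        "meow_indices": meow,
        "missing_indices": missing,
        "unknown_indices": unknown,
        "expected_lost_ratio": round(loss, 2),
        "compromised": bool(meow),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LISTING, EXPECTED), indent=2))
```

Run on a schedule against a saved inventory, a check like this turns the first destructive pass into an alert rather than something discovered after a second one.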

Wizcase’s report notes that this is an increasingly common type of attack targeting databases that are reachable from the Internet without adequate security measures. Moreover, even though all the exposed records are public, the database could have been downloaded and sold to any competitor of Polecat, directly compromising its operations.

A few hours after receiving this report, Polecat security teams shut down access to the compromised information, so no new related incidents are expected. At the moment it is unknown whether the company will initiate a negotiation process with the threat actors for the recovery of the affected information.