Hadoop Distributed File System (HDFS) based servers that haven't been properly configured are exposing more than five petabytes (PB) of data, according to John Matherly, founder of Shodan, a search engine for discovering internet-connected devices.
Earlier this year, it was revealed that NoSQL database provider MongoDB had suffered a surge of ransomware attacks, with over 27,000 servers compromised as hackers stole and deleted data from unpatched or poorly-configured systems.
In a blog post, Matherly revealed that while the focus with regard to data exposure on the internet had been on MongoDB and databases such as Elastic and Redis, HDFS was "the real juggernaut".
He said that while MongoDB databases were popular within the developer community - it had 47,820 servers in total with 25 terabytes of data exposed - HDFS had a far smaller number of servers (4,487), but a considerably higher amount of data exposed (5,120TB).
Most of the HDFS NameNodes are located in the US (1,900) and China (1,426), and nearly all are hosted on the cloud - with Amazon Web Services (1,059) and Alibaba (507) leading the charge.
Matherly said that the ransomware attacks that were publicised earlier in the year, which targeted MongoDB, CouchDB and Hadoop, are still happening - and they're impacting both MongoDB and HDFS deployments.
While most of the public MongoDB instances seem to be compromised, according to Shodan, about 207 HDFS clusters have a message warning of the public exposure - or in other words are still under threat by criminals who are asking for ransoms. It's unclear whether these are new ransomware attacks or whether servers are still being taken over now.
Matherly launched Shodan back in 2009. It's a search engine that enables users to find specific types of devices connected to the internet using a variety of filters.
It collected data mostly on web servers (HTTP/HTTPS - port 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), SIP (port 5060), and real-time streaming protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.
In January, the Shodan Report 2017 found that there were still almost 200,000 websites and connected systems that remained vulnerable to the 'Heartbleed' OpenSSL bug, more than two-and-a-half years after the security flaw was discovered.