PG&E leaves database exposed
An electric company was in for a shock when a database containing sensitive information was found online. The database, belonging to (PG&E), was part of an asset management system, containing information on a wide array of devices belonging to the company, although PG&E denies the authenticity of the data.
Security Week reports that the PG&E database was publically available online, and could have been accessed by anyone without authentication. The system contained information on around 47,000 devices, including computers, servers, and virtual machines. Among the available data, one could find IP addresses, MAC addresses, hostnames, and of course, passwords; many passwords were hashed, but others were stored in clear text.
The exposed database was discovered through the investigations of Chris Vickery at MacKeeper’s Security Watch. Upon its discovery, he alerted PG&E, which insisted that the database was entirely fake. However, Vickery is skeptical of the claim, noting that “fictitious databases do not generally have areas specifically marked ‘development,’ ‘production,’ and ‘enterprise.’ Fictitious databases do not generally have over 688,000 unique log record entries. This database did.”
Whether or not it was a fake database, it has already been taken down, following Vickery reporting it to PG&E. However, that would not stop anyone who managed to access it earlier from copying all the data.
PG&E has not yet notified customers, but Vickery is trying to reach out to the Department of Homeland Security to determine if the database is legitimate and take any appropriate actions.
photo credit: No way home via photopin (license)
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU