Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Website builder Ucraft leaks data of hundreds of thousands of users

An abstract image of a cloud raining data.

Hundreds of thousands of users of a popular website builder firm may have had their personal information leaked online due to shoddy security practices, a new report has revealed.

Researchers from Cybernews found that a publicly accessible Google Cloud Storage Bucket belonging to website building and design tools firm Ucraft kept sensitive client data in it for years. 

Created by an Armenian IT services company, the bucket was eventually discovered by malicious actors, grabbed, and distributed on the dark web.

Ucraft breach

The report added that Ucraft reportedly kept sensitive user information dating back to 2018, counting “hundreds of thousands of users”, including unredacted domain registration information such as email addresses, phone numbers, names, and postal addresses, user email addresses, hashed passwords, old passwords, transaction data and partial credit card details, and database hosts and database names for client sites. 

Subsequent investigation revealed that a threat actor also discovered the bucket in March 2023, and exfiltrated whatever data it found there. The stolen information was posted on a hacker forum in early January 2024, which was what prompted Cybernews to investigate in the first place.

Ucraft has yet to comment on the findings, but the Cybernews team says they reached out to the bucket owners and warned them of the security lapse, with the database subsequently locked down.

Unprotected and misconfigured databases remain one of the most common reasons for data leaks and breaches. Almost every day, security researchers stumble upon major databases, often belonging to large enterprises, hosting sensitive information for years. In many instances, the databases get discovered after a routine internet scan with tools such as Shodan.

Leaking information such as this one can lead to a whole host of malicious activity, from identity theft, to credential stuffing, and account takeovers. Many phishing attacks start with data leaks such as this one, as they allow hackers to create convincing, tailored phishing emails.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.