Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io

Made with 💙 by Wiz

Last Updated: April 3, 2025

Cloud Threat Landscape
/Incidents
Incidents
/
DepositFiles exposed config file

DepositFiles exposed config file

Type
Research
Actors
Pub. date
July 27, 2023
Initial access
Software misconfig
Impact
None
Observed techniques
Exposed environment config abuse
Targeted technologies
Redis
References
https://cybernews.com/security/deposit-files-data-leak/
Status
Stub
Last edited
Jun 2, 2024 8:02 AM

The Cybernews research team discovered DepositFiles’ publicly hosted environment configuration (config) file, which exposed:

  • Redis database credentials “Billing” and “uploads” database credentials
  • Abuse and Support mail credentials
  • Payment wall secret key
  • Twitter, Facebook, and VKontakte credentials
  • Google App ID and Secret
  • Payment service credentials, including password, username, and endpoint
  • DF Android, DF iOS, PHP unit client, DF VPN app IDs, and salt