Type
Research
Actors
Pub. date
July 27, 2023
Initial access
Software misconfig
Impact
None
Observed techniques
Exposed environment config abuse
Targeted technologies
Redis
References
https://cybernews.com/security/deposit-files-data-leak/
Status
Stub
Last edited
Jun 2, 2024 8:02 AM
The Cybernews research team discovered DepositFiles’ publicly hosted environment configuration (config) file, which exposed:
- Redis database credentials “Billing” and “uploads” database credentials
- Abuse and Support mail credentials
- Payment wall secret key
- Twitter, Facebook, and VKontakte credentials
- Google App ID and Secret
- Payment service credentials, including password, username, and endpoint
- DF Android, DF iOS, PHP unit client, DF VPN app IDs, and salt