Research Reveals Leftover Files Of Popular Websites Can Help Hackers Steal Users Data

A recent study conducted by CyberNews reveals that some of the world's most visited websites can potentially expose visitors to harm via leftover files.

CyberNews, a research firm, noted that potentially hundreds of websites could be providing security loopholes for threat actors via the presence of unnoticed files. Researcher for the firm Martynas Vareikisthat such files from overlooked database history, DS_STORE files, and GIT repositories were the key culprits in allowing cyber criminals outside of the developers to infiltrate these websites and cause any amount of damage. Arrange phishing attacks, siphon off user data, commit identity fraud, the list is worryingly long and exhausting. What's even more worrying, however, is not just that such websites exist. It's the fact that such websites are very often visited as well.


Cleaning up is a very tiring and cumbersome part of being a developer. Especially with popular websites, where daily visitors range in the upper thousands, no dev is going to put in the extra effort and check their own databases to see whether or not such leftover files are present. However, systems to make sure they are actively disposed of need to be in place to ensure user safety. CyberNews conducted a study involving 35,000 of the most visited websites across the internet and attempted to gauge just how many of them were prone to leaving leftover files in their databases. The results were slightly worrying, to say the least.

The study's results revealed that 82 top Alexa ranked websites of the 35,000 had leftover files that were accessible by almost any individual without the need for any extensive, or even basic, form of identification or authorization. Of course readers must assume that the 82 are insignificant websites with lazy developers that don't pay attention. On the contrary; all 82 had 17 million total visitors per month. The domains were from countries such as the US, Russia, Japan, China, France, South Korea, and the Netherlands. All of these are countries with access to high tier cybersecurity provisions.

While it isn't necessary that such data will be used by, or even picked up on by malicious netizens, cybersecurity breaches are still very much a risk, and leftover files need to be dealt with efficiently and quickly.

Read next: Malicious Actors Are Using New Hack to Record and Mimic Digital Footprints
Previous Post Next Post