Data from individuals who contacted the Lorenz ransomware group between June 3, 2021 and Sept. 17, 2023, including names, email addresses, and online form subject lines, were accidentally leaked due to a misconfigured Apache2 web server, according to The Register.
The misconfiguration exposed the back-end PHP code of the group's login form, said security researcher htmalgae, who discovered and published the leaked data. While most of the affected individuals used aliases and Proton Mail email addresses, some of the exposed data came from reporters, security researchers, and financial service workers.
"It was probably one of the easiest leaks I've discovered so far. During my daily sweep of all the ransomware shame sites, I came across Lorenz's broken contact form. It was really as simple as viewing the source on the page and copy-pasting the leaked file path. It was pretty much placed in my lap, I didn't even need to do a vulnerability scan," said htmalgae.
Misconfigured server inadvertently leaks Lorenz ransomware data