Meow Attack deletes unsecured databases on the Internet


Meow Attack: Meow bot deletes unsecured MongoDB and Elasticsearch databases without explanation; UFO VPN database which leaked user logs found deleted

There is a new bot in the town and it deletes unsecured databases on the Internet. Called the Meow attack by security researchers, the automated Meow bot deletes unsecured databases without any explanation. Security researchers found the recent instance of unsecured Elasticsearch database of UFO VPNs deleted through the same attack.

The Meow attack was first noticed by security researcher Bob Diachenko when he was analyzing the UFO VPN data leak due to unsecured Elasticsearch server. vpnMentor and Comparitech had discovered the unsecured database which exposed user logs of UFO VPN and six other Hong Kong-based VPN service providers. After vpnMentor and Comparitech informed the VPN providers, they had secured the database but Diachenko found that the UFO VPN user log database had mysteriously reappeared five days later.

However, this time the entire database was wiped clean and they got ‘meowed’. The Meow attack has been noticed deleting unsecured Elasticsearch and MongoDB databases indiscriminately without leaving any explanation, or even a ransom note.

Using a query with the Shodan Internet-of-Things (IoT) search engine security researchers discovered that dozens MongoDB and Elasticsearch databases have already fallen victim to the unknown attacker’s Meow Attack.

For now, misconfigured Amazon AWS buckets that leak user information are not known to be affected by the Meow attack but the unknown Meow exterminator may decide to target such misconfigured AWS buckets as well.


About Author

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had." Eric Schmidt

Notify of
Inline Feedbacks
View all comments