Over 1000 unsecured databases have been permanently deleted, leaving only the word “meow” behind.
The attack saw a database that had details of the UFO VPN. UFO VPN, and other products from seemingly the same company, had recently been in the news for exposing user information.
Information exposed include unencrypted account passwords, location information, and IP addresses of user devices and VPN servers.
The VPN, and others like it, claimed that it was not logging user details. Reports alleged that this was not the case.
The attack seems to have come from a bot, according to Forbes, as the attack script overwrites database indexes with random numerical strings and the word ‘Meow’.
It is unclear who is the source of the attacks. Ars Technica reports that a less severe attack, which hit other servers, tagged them with “university_cybersec_experiment”, and is seemingly a demonstration that the files were left vulnerable.
Security researcher Bob Diachenko, who partnered with Comparitech on a report into UFO VPN and the other VPN products, hypothesised that such an attack may have been conducted simply because it is easy.
“I think that in most [of the latter] cases, malicious actors behind the attacks do it just for fun, because they can, and because it is really simple to do,” Diachenko told Ars Technica.
“Thus, it is another wake-up call for the industry and companies which ignore cyber hygiene and lose their data and data of their customers in a blink of an eye.”
It appears that the attackers are running searchers for servers which expose information by not being password protected – like how security companies conduct research and reports.
Diachenko expects the Meow attacks to continue, and the number of affected databases to double over the next 24 hours.