By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

RDS DB table name shows "YOUR DB Is Hacked"

0

Today we found that on our RDS on every DB there is an extra table name "YOUR_DB_IS_HACKED" containing these below content. we checked that this table is created on on "2024-03-19".

('Your database is hacked an all your data is backed up. (more information: go to https://paste.sh/fCNubiC6#qResBW4RU-_XsA9Z4QcvWgtS) You must pay 0.03 BTC to bc1q7qznqy9j3pu9daxdgz6d6u60kmshlgnwmyl2zt In 10 days or your data will be publicly disclosed. After paying send mail to us: svpcarbone@onionmail.org we will check as soon as possible and delete our copy. Your DBCODE is: 566GY',' bc1q7qznqy9j3pu9daxdgz6d6u60kmshlgnwmyl2zt',' svpcarbone@onionmail.org');

We already took DB backup & also changed the password. Need to know what should we do more to prevent it happening next time & what else we missed, please guide us to solve the issue.

Topics
StorageSecurity, Identity, & ComplianceDatabaseAWS Well-Architected Framework
Tags
Backup & RecoverySecurity, Identity, & ComplianceDatabaseSecurityNetwork Security
Language
English
ECL
asked 14 days ago174 views
2 Answers
1

Hi,

First of all, I'm so sorry.

I recommend to quickly take a look at the following AWS Knowledge Center article which describes step by step what to do when you identify unauthorized activity in your AWS account. Just to confirm that more resources have not been committed.

Once reviewed, check this AWS Knowledge Center article which contains best practices for securing the AWS account and its resources.

profile picture
EXPERT
Mikel Del Tio
answered 14 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 14 days ago
1

Essentially, your data has been stolen, so it's crucial to exercise caution. If you were storing personally identifiable information (PII) in that database, you could face significant issues.

⚡ In short, you should isolate the affected database, restore from a trusted backup, and enhance your security measures by implementing robust access controls, encryption, regular backups, and up-to-date software.

Important Resources you should read:

🚨 If you would like to have a security concern regarding AWS cloud services, please submit the information by contacting aws-security@amazon.com.

profile picture
EXPERT
Osvaldo Marte
answered 14 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content