ADVERTISEMENT

DepositFiles exposed config file, jeopardizing user security

DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials.

DepositFiles

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jul 27, 2023 Updated: 15 November 2023 4 min read
  • Redis database credentials “Billing” and “uploads” database credentials
  • Abuse and Support mail credentials
  • Payment wall secret key
  • Twitter, Facebook, and VKontakte credentials
  • Google App ID and Secret
  • Payment service credentials, including password, username, and endpoint
  • DF Android, DF iOS, PHP unit client, DF VPN app IDs, and salt

Why is exposing config files dangerous?

What DepositFiles data was exposed?

ADVERTISEMENT
“Cybercriminals could take over the official communication channels of DepositFiles, including social media accounts and abuse & support emails. This would make it extremely complicated for the company to inform its clients about a data breach or to warn them of malware attacks.”
researchers said.

DepositFiles exposed credentials

Exposed app data

ADVERTISEMENT