Microsoft Vancouver leaking website credentials via overlooked DS_STORE file


The metadata on the file directed the researchers to several WordPress database dumps containing multiple administrator usernames and email addresses, as well as the hashed password for the Microsoft Vancouver website.

Leaving DS STORE files on remote web servers is risky because they expose their folder structure, potentially leaking sensitive or confidential data. This is precisely what happened with the lingering DS STORE file on the Microsoft Vancouver web server.

Read More…