Over 3.6 million MySQL servers found exposed on the internet

 

More than 3.6 million MySQL servers that accept connections on port 3306/TCP were found exposed online, making them an attractive target for cyber criminals.

While scanning the internet for accessible MySQL servers, security experts at The Shadowserver Foundation discovered a total population of 5,378,467 IPv4 and IPv6 instances on port 3306/TCP, but less than half of them appeared to accept the connection. Overall, 67% of all MySQL services found were accessible from the Internet (IPv4 and IPv6).

The majority of exposed IPv4 MySQL servers were located in the United States (740 100), followed by China (296 300), Poland (207 800), and Germany (174 900).

In the case of accessible IPv6 MySQL servers, most were located in the US (460 800), the Netherlands (296 300), Singapore (218 200), and Germany (173 700).

“It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface). If you do receive a report on your network/constituency take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server,” the researchers advised.

“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed.”
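
A local check that follows from the researchers' advice, as an added example that is not part of the original article: it parses `ss -Hltn` output and reports MySQL listeners on 3306/TCP, IPv4 or IPv6, that are not bound to loopback. The sample lines are constructed (combined from several hypothetical hosts) and the function names are illustrative.

```python
import ipaddress

MYSQL_PORT = 3306  # port named in the article

# Constructed sample of `ss -Hltn` output, combining cases from hypothetical hosts.
SAMPLE_SS = """\
LISTEN 0 151      127.0.0.1:3306      0.0.0.0:*
LISTEN 0 128        0.0.0.0:22        0.0.0.0:*
LISTEN 0 151              *:3306            *:*
LISTEN 0 151           [::]:3306         [::]:*
LISTEN 0 151          [::1]:3306         [::]:*
LISTEN 0 151 [2001:db8::10]:3306         [::]:*
LISTEN 0 151      192.0.2.7:13306     0.0.0.0:*
"""

def classify_listener(local):
    """Classify one 'addr:port' field; return None if it is not the MySQL port."""
    addr, _, port = local.rpartition(":")
    if port != str(MYSQL_PORT):          # exact match, so 13306 is not confused with 3306
        return None
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and any zone id
    if addr == "*":
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:                # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                   # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "specific-address"

def exposed_mysql_listeners(ss_output):
    """Return (local_address, verdict) for every MySQL listener not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        verdict = classify_listener(fields[3])
        if verdict and verdict != "loopback-only":
            findings.append((fields[3], verdict))
    return findings

if __name__ == "__main__":
    for local, verdict in exposed_mysql_listeners(SAMPLE_SS):
        print(f"{local}: {verdict} -> restrict bind-address or filter this port")
```

A listener that is reported here still needs its firewall rules and MySQL account authentication checked; a loopback-only bind is the only case the script treats as closed to the network.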

