Right now, there is a particular kind of data exposure that is mystifying security experts around the world. Every week, the Identity Theft Resource Center (ITRC) takes a look at some of the top data compromises of the previous week in our Weekly Breach Breakdown podcast. This week, we are looking at an attacker who is erasing insecure cloud databases and leaving a single word as their calling card: meow. Yes, it is a “meow” attack.

Where It All Began

The story begins 20 years ago when threat actors were known as hackers. They were just as likely to be your neighbors’ kid than a criminal mastermind in a foreign country. For visual, you can think of the 1980’s movie War Games where Matthew Broderick breaks into a super-secret pentagon weapons system to challenge the computer to a game of thermonuclear war and tic-tac-toe.

Fast forward to today, and the average threat actor is part of a well-organized criminal enterprise where stealing and selling personal and company information is the bottom line. It is a multi-billion-dollar business that runs like a regular business – that is, if it weren’t illegal.

Unsecured Databases

Every week the ITRC talks about data breaches from the previous week and how they happen. In July, one week we focused on the top reasons data breaches occur, and pointed out that IBM’s latest research shows misconfigured cloud databases are tied for the number one reason personal information is compromised, even if it is not stolen.

Unsecured databases have been a growing cybersecurity problem since 2018, and some of the world’s biggest data compromises have been the result of poor cybersecurity practices. In 2019, a mystery web database containing four billion records linked to 1.2 billion people had no password protection and was accessible on any web browser.

Later in 2019, databases that included hundreds of millions of records were exposed at First American Financial Corp., email validation firm Verifications.io, and Capital One Bank.

What Is Happening Today

Now, in a throwback to the time before professional hackers, either someone or some group is trolling the internet using the same automated tools as professional data thieves. They are looking for cloud databases that do not have proper security. However, instead of stealing the information, the Grey Hat attacker is deleting the information it finds and is replacing it with the word meow.

As ITRC COO James Lee says in the podcast, “In other words, a modern-day Robinhood is treating the internet as their own personal Sherwood Forest and taking from the data-rich to protect the personal information of the masses.”

When the Attacks Were Discovered

The “meow” attacks were discovered in early July by cybersecurity researcher Bob Diachenko. Diachenko has since identified more than 4,000 “meow” attacks, including one where 3.1 million patient records were erased at a medical software company because the database housing the sensitive information did not have a password to secure the data.

What the ITRC Recommends

The ITRC disapproves of vigilante justice, even when protecting consumers from having their personal information misused. The ITRC condones and strongly encourages businesses to make sure they have properly configured their security tools before putting an internet-accessible cloud database into production. To use a pun, doing so may help “keep the cat in the bag,” where it belongs.


For more information about the latest data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

If you believe you are the victim of an identity crime, or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor on the website via live-chat, or by calling toll-free at 888.400.5530. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.

Read more of our latest news below

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams