Skip to content

More than 3.6 million MySQL databases are exposed

  • by
  • 2 min read
What is Formjacking? How it works and how to protect yourself

Scans performed by cybersecurity research group The Shadowserver Foundation revealed more than 3.6 million MySQL databases on the internet exposed using the default TCP port 3306.

Of these databases, around 2.3 million connect using IPv4 and 1.3 million use IPv6. The USA leads the number of databases exposed at just over 1.2 million. Other significant exposures are from China, Germany, Singapore, Netherlands and Poland. 

The most accessible IPv4 MySQL servers were found in the United States (740,100), China (296,300) and Germany (174,900). For IPv6, the US leads with 460,800 servers, then the Netherlands with 296,300 servers, Singapore with 218,200 servers and Germany with 173,700 servers. 

The Shadowserver Foundation’s report further details the following numbers:

Total number of exposed databases on IPv43,957,457
Server greeting responses on IPv42,279,908
Total number of exposed databases on IPv61,421,010
Server greeting responses on IPv61,343,993

Overall, 67% of all MySQL services found are accessible from the internet. The report also recommends guides for securely deploying MySQL servers and covering any security loopholes for versions 5.7 and 8.0.

More than 3.6 million MySQL databases are exposed
Accessible MySQL servers by unique IPv6 addresses. | Source: Shadowserver Foundation

The scan was run by issuing MySQL connection requests over the default port (TCP 3306) and collecting server responses with a MySQL server greeting messages, including TLS and non-TLS responses. The report further clarifies that Shadowserver did not perform any intrusive checks to discover the level of access possible to any of the databases. 

While many services need to access external databases, failing to secure them properly can result in severe consequences for the organisation, including but not limited to data breaches, ransomware attacks, remote access trojan infections, or even Cobalt Strike deployments. 

In the News: Microsoft Office zero-day is being actively exploited by China

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: