MySQL

An alarming report from vulnerability management firm Intruder reveals that 26%—more than one-quarter—of cybersecurity teams have inadvertently exposed their MySQL databases to the public internet. This finding places organizations at severe risk, as MySQL remains a primary target for database ransomware and automated data extortion.

The Attack Surface Management Index

The report is based on anonymous data from 3,000 Intruder customers collected over the past year. Through its “Attack Surface Management Index,” the firm examined the most common vulnerabilities, patching speeds, and how risks vary by organizational scale and industry sector.

Chris Wallis, CEO and founder of Intruder, emphasized that the rise of autonomous AI models, such as Mythos, has fundamentally compressed the time between vulnerability discovery and exploitation by hackers.

“In this high-speed era, leaving a MySQL database or private API documentation exposed to the internet is an open invitation for high-speed automated extortion,” Wallis stated.


Most Common Exposure Points

In addition to MySQL databases, the report identified several internal services that frequently “leak” onto the public internet:

  • Private API Documentation: More than 1 in 7 organizations have exposed their API documentation.

  • Remote Desktop Service (RDP): This is the most frequently exposed risky service (49% of organizations).

  • Admin Panels: WordPress Admin (15%) and phpMyAdmin (8%) are often left open to the internet, despite being intended for internal use only.

  • Legacy Protocols: Services like SNMP (9%) and UPnP (8%) continue to persist on the public internet.


Scaling Organizations, Scaling Risks

The report highlights that attack surface risks increase disproportionately as a company grows. Large organizations with over 5,000 employees manage significantly more external assets—nearly 35 times more than small businesses (51–250 employees)—making security management far more complex and difficult to control.

Response Times by Industry

There are stark differences in how quickly various sectors address their security exposures:

  • Retail: The most efficient, with an average fix time of 10 days.

  • Banking: Following closely in second place at 11 days.

  • Financial Services (Non-Banking): Takes approximately 24 days to remediate.

  • Insurance: The slowest sector, requiring nearly 50 days to close the same type of security gaps.

This report serves as a stern warning for system administrators to ensure that MySQL databases are shielded behind firewalls or private networks, out of reach of cyberattacks that are becoming increasingly automated.
