SQLTeam.com | Weblogs | Forums

Does sharing the server name risk data privacy?

Hi,

I'm curious...does sharing with someone the server name that I have in Microsoft SQL Server, put my data privacy at risk in any way? I have not and will not share any passwords or credentials. I was just curious if someone saw my server name. Is this something that I should be concerned about?

JSM

Yes.

Someone could have acquired credentials (phishing, social engineering) and could gain access now that they also have a server name.

Or someone in the same company could have access that they're unaware they have, and since they know the server name they try accessing it. I've certainly done that myself (I'm a curious person :slight_smile: ) but I didn't have official authorization to access those servers.

You may have heard of the principle of least privilege, the idea is to grant only the absolute minimum permissions to do a particular job. This ensures against accidental (and sometimes deliberate) changes to a system. Part of that principle is to limit dissemination of information that could be used in the same way.

Do some research on "data breach", "cloud service breach", etc. Lots of stories about people posting server names somewhere in the cloud and they get scooped up by bots.

1 Like

I was able to once commandeer a web server because someone exposed their server name. How? I just used admin user admin password.

Then I created an admin user and sat there for a few days then informed the person that posted the server name. Finally informed the person that posted it via private chat to use better user name and password.