Enterprises are slacking on MySQL database security, and it could come back to haunt them

Poor database security practices are leaving organizations at huge risk of compromise


One in four organizations have exposed MySQL databases, according to new research, prompting calls for more robust developer security practices.

Intruder’s 2026 Attack Surface Management Index warned these databases are becoming an increasingly attractive target for threat actors, particularly ransomware groups.

Indeed, the study noted that 16% of Postgres databases are also dangerously exposed, alongside remote desktop (RDP) services, API documentation, and WordPress admin panels.

Attack surface exposures were categorized by HTTP panels, ports, services, databases, files and information facing the internet.


While exposed databases ranked as the leading attack surface issue, more than one-in-seven organizations reported exposed API documentation, ahead of RDP services - a common entry point for ransomware attacks.

Nearly half of organizations were found to have risky exposed ports and services, with RDP being the most commonly exposed. WordPress Admin (15%) and phpMyAdmin (8%) are also frequently left internet-facing, despite being intended for internal use only.

Notably, legacy services like SNMP (9%) and UPnP (8%) persist on the public internet, again despite being intended for internal networks.

Chris Wallis, CEO and founder of Intruder, said the findings should serve as a wake-up call for organizations engaging in risky data management and security practices.

“Many of the exposures we examined don't even need a CVE to be exploited. For example, an exposed database or admin panel can be compromised through brute force or credential stuffing alone,” he said.

Database security in the spotlight

Intruder noted that lackluster data security practices come at a perilous time for enterprises.

The study warned that the rise of autonomous AI models has slashed the time between vulnerability discovery and exploitation – and many organizations are struggling to keep up.

Midmarket organizations face the longest remediation times, averaging 56 days to close security gaps, making them nearly four times slower than smaller enterprises.

There are stark differences between sectors, with banks remediating exposures in just 11 days and retail just ten, while insurance and pharmaceutical firms average more than 40 days.

With vulnerability exploitation expected to skyrocket due to the use of powerful new frontier AI models, Wallis said remediation windows are “open far too long”.

Security experts globally have issued repeated warnings on this front, particularly since the launch of Anthropic’s Claude Mythos model.

The company announced a gated release of the model to select industry partners in April amid fears the model could be used for nefarious purposes.

Wallis said the launch of Mythos has “fundamentally shifted” the cybersecurity landscape, meaning enterprises must now move faster than ever to curtail security risks.

“The security industry is seeing a major compression in the time between vulnerability discovery and exploitation,” he said.

“In this high-speed era, leaving a MySQL database or private API documentation exposed to the internet is an open invitation for automated, high-speed extortion.”

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.