Over 3.6M MySQL Servers Exposed on the Internet: Global Scan Reveals Massive Attack Surface

The Shadowserver Foundation scanned the 3306/TCP port for accessible MySQL server instances and found about 2.3 million IPv4 addresses and over 1.3 million IPv6 devices responding.

Detailed scan data (since May 26, 2022) shows:

IPv4 MySQL total: 3,957,457

IPv6 MySQL total: 1,421,010

IPv4 accessible MySQL servers: 2,279,908

IPv6 accessible MySQL servers: 1,343,993

Overall, 67% of the discovered MySQL services are reachable from the Internet, meaning more than 3.6 million servers are easy targets for hackers and ransomware.

By country, the United States leads with 740.1K accessible IPv4 servers, followed by China (296.3K), Poland (207.8K) and Germany (174.9K); for IPv6, the US has 460.8K, the Netherlands (296.3K), Singapore (218.2K) and Germany (173.7K).

Shadowserver recommends reading the MySQL 5.7 Secure Deployment Guide or the MySQL 8.0 Secure Deployment Guide for secure deployment.