I don't have a feeling one way or the other, but I see where you're coming from and I think there's an interesting aspect that many of the folks here seem to be missing.
Were this sort of attack to become part of the "noise" of the internet (much as the continual bombarding of my SSH ports) then peoples databases would get deleted _before_ they contain any meaningful amount of data.
So in practice this sort of gross vandalism is limited to the appearance of such an attack, but not ongoing.
I had this the other day building OS images, which accidentally left the system a passwordless login. Within less than a few hours it was (presumably) spewing mail or doing awful things -- long before anything went anywhere near production data or any kind of trust.
Were this sort of attack to become part of the "noise" of the internet (much as the continual bombarding of my SSH ports) then peoples databases would get deleted _before_ they contain any meaningful amount of data.
So in practice this sort of gross vandalism is limited to the appearance of such an attack, but not ongoing.
I had this the other day building OS images, which accidentally left the system a passwordless login. Within less than a few hours it was (presumably) spewing mail or doing awful things -- long before anything went anywhere near production data or any kind of trust.