An Elasticsearch database belonging to Shanghai Jiao Tong University exposed 9.5 billion rows of metadata, amounting to 8.4TB of data.
The exposure was discovered by Cloudflare Director of Trust & Safety Justin Paine. In a blog post, Paine said he found the exposed database on May 22 through a Shodan search.
The database contained metadata from a large number of emails, and appears to be from the popular self-hosted email platform Zimbra. At the time it was secured, the database had been growing significantly.
Based on the metadata, Paine was able to locate all emails sent to or received by a specific person. The data also included the IP address and user agent of the person checking their email.
Email threads between users were found. However, only the metadata was involved: neither subject lines nor email body content was exposed.
Within 24 hours of being notified, Shanghai Jiao Tong University fixed the leak.
“I would like to thank the university’s security team for their prompt action to secure this data once notified. As far as I am aware they have not notified the impacted students though.”