An unprotected database has exposed more than 5 billion records online.
On March 16, security researcher Bob Diachenko uncovered a publicly available Elasticsearch instance, appearing to be managed by a UK-based security company. Ironically, the unprotected instance was a “data breach database” containing a vast collection of previously reported security incidents from 2012-2019.
In a blog post, Diachenko explained that the Elasticsearch cluster had two collections, one with more than 5 billion records (5,088,635,374) and another with over 15 million records, updating in real time.
Data included hashtype (the way a password was presented), password, leak date, email, email domain and source of the leak.
“It should be noted that the company’s data and customer records were not exposed, and the incident involved any previously reported data breaches collections,” stressed Diachenko.
Upon discovering the database, Diachenko immediately sent a security alert to the company, and within an hour of the notification being sent, the database was taken offline.
“Even though most of the data seems to be collected from previously known sources, such a large and structured collection of data would pose a clear risk to people whose data was exposed. An identity thief or phishing actor couldn’t ask for a better payload,” Diachenko explained.
Threat actors could launch phishing campaigns against those affected by the breach, using their personal data to craft targeted messages.