Recently, a security researcher has detected an unsafe and publicly available Elasticsearch case, which seemed to be controlled by a UK-based security company, as per the SSL certificate and modified DNS records.
The contradiction of that data is that it was a ‘data breach database,’ enormously large stock of earlier reported and also some non-reported security conflicts crossing the 2012-2019 era.
However, this data mostly held records from various violations over the past seven years from 2012 to 2019; these were found online with public access by security analyst Bob Diachenko.
The analyst was smart enough to recognize the owner of the Elasticsearch database by checking the modified DNS records and SSL certificate.
However, according to the security researcher, Bob Diachenko, the data was dropped unprotected in a “well-structured” form and carried a treasure cache of vital records including leaked passwords, hash types, email domains, and email addresses, leak sources, and leak data.
Indeed, most of the data appear to be obtained from earlier known sources, such a big and structured set of data would sit a clear risk to people whose data was disclosed.
An identification theft or phishing actor couldn’t ask for a more useful payload.
However, fraudsters may target affected people with scams and phishing campaigns, utilizing their data to craft targeted messages.
Thus, phishing messages frequently represent trusted people or organizations to fool victims into presenting up delicate information or money. Therefore, they usually carry links to phishing websites, which imitate genuine websites. They exist only to seize information, such as passwords and payment information.
This database also included two folders of data, one was named as leaks_v1 and held over 5 billion records while the other one was named as leaks_v2 kept over 15 million records.
The second group was being updated in real-time. Therefore, Diachenko informed the company regarding the open-access database, and it was exerted offline with an hour. However, there has been no formal reply or acknowledgment from the company.
- leaks_v1, it has more than 5 Billion records.
- leaks_v2, it has more than 15 million records.
However, it is not the first time when a database on Elasticsearch was revealed to the public. Merely last month, an Israeli firm leaked personal data of around millions of Americans comprising their physical address. Thus, this database was treated on an Elasticsearch server.
However, we hope to reduce infliction to end-users whose data was disclosed. We take measures to find out what each database included, for how long it was revealed, and what warnings to end users may occur as a result.
Not only this, but our verdicts are also assembled into reports like this one to increase awareness and curb misapplication of personal data by ill-disposed people.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.
