Expert discovered an Elasticsearch instance belonging to security firm Keepnet Labs containing over 5 billion records of data leaked in previous cybersecurity incidents.
The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to the security firm Keepnet Labs that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019.
“On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” wrote Security Discovery’s researcher Bob Diachenko. “The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning 2012-2019 era.”
The huge trove of data is composed of two collections, one containing 5,088,635,374 records, and the second one that was being updated in real-time has over 15 million records.
Exposed data includehashtype, leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak (i.e. Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK and others).
Most of the data come from previously known sources, it could expose affected people to scams and phishing campaigns.
The expert discovered the unprotected Elasticsearch cluster on March 16, it was indexed by the BinaryEdge search engine on March 15. At the time it’s not clear for how long the database remained exposed online and of it was accessed by third-parties.
Diachenko reported its discovery to Keepnet Labs that quickly took the Elesticsearch installation offline.
Keepnet Labs revealed that the database was exposed while its supplier was moving the index to a different Elasticsearch server. The firewall was temporarily disabled for roughly 10 minutes during the migration, which allowed the search engine to index the database.
“Our extensive cybersecurity knowledge lends itself well to searching for and analyzing data leaks. Our due diligence demands that we make every attempt to identify who is responsible and notify them as quickly as possible.” concludes the expert.
“Our hope is to minimize harm to end users whose data was exposed.”
The post Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records appeared first on Security Affairs.