A UK-based security company has accidentally exposed its ‘leaks database’, which contained more than 5 billion records.
The unprotected and publicly available Elasticsearch instance, which was managed by a UK-based security company, was found on March 16th. Ironically, it was a ‘data breach database’, comprising an enormously large collection of previously reported security incidents from 2012 to 2019.
The Elasticsearch cluster in question had two collections:
- leaks_v1, with 5,088,635,374 records (more than 5 billion records)
- leaks_v2, with more than 15 million records, updating in real time
The structured data includes details like hashtype, leak date, password (including hashed, encrypted or plaintext, depending on the leak), email address, email domain and source of the leak.
The exposed instance was discovered by security researcher Bob Diachenko, who then notified the owner of the data. Even though the owner did not respond to his message, the collections were taken offline within an hour.
Most of the data appeared to be collected from previously known sources, and such a large and structured collection of data poses a risk to people whose data was exposed. It would be a boon to identity thieves or phishing actors carrying out their attacks.
Cyber attackers usually target affected people with scams and phishing campaigns, using their personal information to craft targeted messages.