
Misdesigned ElasticSearch Server Discloses 73 GB Data of 57 Million US Citizens

This article covers the huge exposure of personal data in the US on 14th Nov (73 GB of data on 57 million US citizens), caused by an unprotected database.


The publicly accessible server uncovered by security researcher Bob Diachenko contained an Elasticsearch instance with a database of "first name, last name, employers, job title, email, address, state, zip, phone number, and IP address" personal info.

  • The compromised information includes first names, last names, employer IDs, job titles, email addresses and more.

  • The same server also contained a second cached database containing more than 25 million records belonging to ‘Yellow Pages’.

An unprotected ElasticSearch server that contained the personal information of nearly 57 million US citizens was left publicly exposed online for almost two weeks. The data was stored on the server without a password. The publicly accessible database also came with an extra index of 25 million records, which provided additional information such as "latitude/longitude, carrier route, census tract, phone number, web address, email, employees count, revenue numbers, NAICS codes, SIC codes."

Furthermore, Diachenko found three IP addresses that provided public access to the unprotected database of 56,934,021 records.


It is unclear whether a third-party vendor or a threat group was involved in the breach.

However, Diachenko believes that a data management company, Data & Leads Inc, might be behind the attack. While the source of the leak was not immediately identifiable, the structure of the ‘source’ field in the records is similar to that used by Data & Leads Inc. The company did not respond to any contact attempts from Diachenko and eventually took down its entire website together with the unprotected databases.


The database is no longer exposed to the public. However, it is unknown how long it had been online before Shodan crawlers indexed it on November 14th, or who else might have accessed the data. The public configuration made it possible for cybercriminals to manage the whole system with full administrative privileges.

The unprotected server has since been taken down and the leaky databases are no longer available to the public.
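The misconfiguration described above (a REST API bound to a public address with no password) can be caught by auditing `elasticsearch.yml` before deployment. The following is an added example, not code from the original article or from Elastic: the sample configs are constructed, only flat `key: value` files are handled, and a missing `xpack.security.enabled` is treated as disabled, a conservative assumption because the default differs across Elasticsearch versions.

```python
import ipaddress

# Constructed sample configs in flat "key: value" elasticsearch.yml style.
EXPOSED = "cluster.name: leads\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = (
    "cluster.name: leads\nnetwork.host: 10.0.4.12\nhttp.port: 9200\n"
    "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n"
)

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; nested YAML is out of scope here."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_public_bind(host):
    """True if the bind address is reachable beyond loopback/site-local."""
    if host in ("_local_", "_site_", "localhost"):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # unknown hostname or interface: flag for review
    return addr.is_unspecified or addr.is_global

def audit(text):
    """Return findings for one config; an empty list means no issue found."""
    cfg = parse_flat_yaml(text)
    # http.host overrides network.host for the REST API; default is loopback.
    host = cfg.get("http.host", cfg.get("network.host", "_local_"))
    auth = cfg.get("xpack.security.enabled", "false").lower() == "true"
    tls = cfg.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if not auth:
        level = "CRITICAL" if is_public_bind(host) else "WARN"
        findings.append(f"{level}: no authentication on REST API bound to {host}")
    elif not tls:
        findings.append(f"WARN: credentials sent in cleartext on {host}")
    return findings

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```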

Diachenko has provided a copy of the exposed information to data breach index service ‘Have I Been Pwned’. Users can check if their data has been affected or not by visiting the site.


“Best practices for securing your data using Google Cloud Databases”.

When it comes to security, Google Cloud Platform offers multiple security products. The rich set of controls and capabilities they offer covers:

  • Infrastructure Security

  • Network Security

  • Endpoints Security

  • Data Security

  • Application Security, etc.


Make sensitive data more secure with the data security features of Google Cloud Platform: data discovery, controls to prevent loss, leakage, and exfiltration, and data governance.



After this massive data exposure incident, researchers found another 200 GB public customer record database at the start of September, owned by the backup and data recovery company Veeam, which forgot to secure its data and accidentally exposed 445 million records.



