An open Elasticsearch instance has exposed more than 5 billion records in an incident discovered on March 16. The irony is that the data in two Elasticsearch collections appears to be information on data breaches collected by a UK-based research firm from 2012 to 2019.
The structured data includes extensive information on the breaches, including domain, source, contact email address, and password. While many of the incidents appear to have been public knowledge, some of the information in the database is not and therefore could present at least an enhanced phishing risk for the victims.
According to security researcher Bob Diachenko, who found the exposed instance, after notification the presumed owner of the data did not respond to his message, but the collections were taken offline within an hour.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Security Lessons We've Learned (So Far) from COVID-19."