The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019.
“On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” wrote Security Discovery’s researcher Bob Diachenko. “The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning 2012-2019 era.”
The huge trove of data is composed of two collections, one containing 5,088,635,374 records, and the second one that was being updated in real-time has over 15 million records.
Most of the data come from
The expert discovered the unprotected Elasticsearch cluster on March 16, it was indexed by the BinaryEdge search engine on March 15. At the time it’s not clear for how long the database remained exposed online and of it was accessed by third-parties.
The security firm that exposed the archive revealed that the database was exposed while its supplier was moving the index to a different Elasticsearch server. The firewall was temporarily disabled for roughly 10 minutes during the migration, which allowed the search engine to index the database.
“Our hope is to minimize harm to end users whose data .”
NOTE: Company’s data and customer records were not exposed,
(SecurityAffairs – Security firm, data leak)