elasticsearch

Blog, Data Breach, elasticsearch June 3, 2019

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all their users. Nevertheless, we at SecurityDiscovery.com, are still registering 5-10 big cases every month and…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch May 28, 2019

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and…

Like this story? Please share it!

Data Breach, database, elasticsearch May 27, 2019

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

On May 11th I discovered a non password protected Elastic database that contained detailed customer records and leads or potential customers. Upon further investigation of the data it appeared to belong to an Australian based…

Like this story? Please share it!

Data Breach, database, elasticsearch May 21, 2019

Golf App Exposes 218k Users’ Data Online

On April 1st Bob Diachenko discovered a non-password protected Elastic database that appeared to contain millions of records detailing golf games, courses, messages, and other player data. Upon further investigation there were many references to GAME…

Like this story? Please share it!

Data Breach, database, elasticsearch May 13, 2019

Panama Citizens Massive Data Breach

On May 10th I identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence visible in any browser). This database contained 3,427,396 records with detailed information on Panamanian citizens…

Like this story? Please share it!

Data Breach, elasticsearch May 7, 2019

Burger King’s Online Shop for Kids Exposed Data

Kool King Shop, (https://www.koolkingshop.fr/), a French-only online shop for kids who purchased Burger King’s menus, had customers data exposed in a misconfigured database. An open and unprotected Elasticsearch cluster with plain-text data was left unattended…

Like this story? Please share it!

Blog, Data Breach, elasticsearch April 29, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data…

Like this story? Please share it!

Blog, database, elasticsearch, spammers April 2, 2019

Massive Spam Operation Uncovered In A Database Leak

Sometimes databases are left wide open not only by legit companies, but misconfigured by malicious actors themselves. Last month I have discovered a publicly available database with almost 5GB of 11,535,164 records with compromised emails…

Like this story? Please share it!