elasticsearch

Data Breach, elasticsearch May 25, 2020

Personal Details and IDs of Millions of Indian Families Exposed As A Result of Security Incident

On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for millions of families registered under Mukhya Mantri Parivar Samridhi Yojana (MMPSY), which is one of the…

Like this story? Please share it!

Blog, Data Breach, elasticsearch May 8, 2020

PADI Certified Divers Records Exposed in a Misconfiguration Incident

On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based divers certified by PADI, Professional Association of Diving Instructions. Cluster contained 2,313,197 records with the…

Like this story? Please share it!

elasticsearch April 21, 2020

Energy Company in Poland Exposed Data of its Customers

On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable information (PII). Upon closer examination, database appeared to be part of a cloud environment set…

Like this story? Please share it!

Blog, Data Breach, elasticsearch March 19, 2020

A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records

On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony…

Like this story? Please share it!

Data Breach, database, elasticsearch December 18, 2019

Honda Exposes Vehicle Owner Records on the Web

On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared to be part of Honda North America infrastructure, exposed online to anyone with a web browser….

Like this story? Please share it!

Data Breach, database, elasticsearch, Uncategorized November 13, 2019

Prank Call Service PrankDial Exposed 138 Million Records Online

On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch October 28, 2019

2.59 Million Credit Card Transactions Exposed –

Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to a Nigerian based company. The first database contained over 8 million records. The representatives replied…

Like this story? Please share it!

Blog, Data Breach, elasticsearch October 22, 2019

Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months

Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on two separate databases. On May 22nd I discovered and reported a data exposure incident involving…

Like this story? Please share it!

Data Breach, elasticsearch September 26, 2019

Large Italian Online Shop Exposed Customers Details

On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular online shop in Italy for football accessories. Database contained 408,995 records with information about Calcioshop customer…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch September 24, 2019

Investment Research Company Exposed Subscribers, Credit Card Data, and Evidence of Ransomware

Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing addresses, hashed passwords, and credit card information such as the last 4 digits of the…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch, Uncategorized September 19, 2019

Mattress Company Exposes 387k Customer Records Online

On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to Verlo Mattress Factory and appeared to be customer data. Upon further investigation there were indications…

Like this story? Please share it!

Data Breach, Data Security Education, elasticsearch September 13, 2019

Bold.com Exposed Its Internal Infrastructure

Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty Recruiter – inadvertently exposed part of its internal infrastructure used for project tracking and project…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch September 11, 2019

Auto Dealer Leads Network Exposed 198 Million Records Online

On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of 198 million records. The most shocking part was that I had seen this dataset several…

Like this story? Please share it!

database, elasticsearch August 26, 2019

Gartner’s Legacy System Exposed Online

On August 14th I have sent a responsible disclosure notice to Gartner, the world’s leading information technology research and advisory company, alerting them on a misconfigured Elasticsearch cluster with 1TB+ of data. According to Shodan and…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch, Uncategorized August 23, 2019

Fundraising Platform Exposes 7.5 Million Records Online

Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street to around the world. The concept of small donations from many people can have a…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch August 12, 2019

Microfinance Agency Exposed Thousands of Customer Records

In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. I have identified the publicly available Elasticsearch cluster on August 3rd, however, according to Shodan…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch August 7, 2019

Leadership for Educational Equity Exposes 3.69 Million Members Online

On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I knew this information should not be publicly accessible and began trying to identify the ownership….

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 25, 2019

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

On May 29th I discovered a database that contained what appeared to be a member list. Like most database names that do not clearly identify the ownership, this one was named Martha Johansson. I assume…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 23, 2019

Jana Small Finance Bank Exposed Millions of Records Online

On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon further research I was able to connect the data to an Indian based microfinance bank…

Like this story? Please share it!

Blog, Data Breach, elasticsearch June 3, 2019

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all their users. Nevertheless, we at SecurityDiscovery.com, are still registering 5-10 big cases every month and…

Like this story? Please share it!