elasticsearch

Blog, Data Breach, database, elasticsearch August 12, 2019

Microfinance Agency Exposed Thousands of Customer Records

In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. I have identified the publicly available Elasticsearch cluster on August 3rd, however, according to Shodan…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch August 7, 2019

Leadership for Educational Equity Exposes 3.69 Million Members Online

On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I knew this information should not be publicly accessible and began trying to identify the ownership….

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 25, 2019

Cheers – English Whiskey Club Leaked Info of 23,362 Members Online

On May 29th I discovered a database that contained what appeared to be a member list. Like most database names that do not clearly identify the ownership, this one was named Martha Johansson. I assume…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch July 23, 2019

Jana Small Finance Bank Exposed Millions of Records Online

On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon further research I was able to connect the data to an Indian based microfinance bank…

Like this story? Please share it!

Blog, Data Breach, elasticsearch June 3, 2019

The University of Chicago Medicine Exposed ‘Perspective Givers’ Database With More Than A Million of Records

Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all their users. Nevertheless, we at SecurityDiscovery.com, are still registering 5-10 big cases every month and…

Like this story? Please share it!

Blog, Data Breach, database, elasticsearch May 28, 2019

Mysterious Chinese Dating Apps Targeting US Customers Expose 42.5 Million Records Online

On May 25th I discovered a non password protected Elastic database that was clearly associated with dating apps based on the names of the folders. The IP address is located on a US server and…

Like this story? Please share it!

Data Breach, database, elasticsearch May 27, 2019

Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online

On May 11th I discovered a non password protected Elastic database that contained detailed customer records and leads or potential customers. Upon further investigation of the data it appeared to belong to an Australian based…

Like this story? Please share it!

Data Breach, database, elasticsearch May 21, 2019

Golf App Exposes 218k Users’ Data Online

On April 1st Bob Diachenko discovered a non-password protected Elastic database that appeared to contain millions of records detailing golf games, courses, messages, and other player data. Upon further investigation there were many references to GAME…

Like this story? Please share it!

Data Breach, database, elasticsearch May 13, 2019

Panama Citizens Massive Data Breach

On May 10th I identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence visible in any browser). This database contained 3,427,396 records with detailed information on Panamanian citizens…

Like this story? Please share it!

Data Breach, elasticsearch May 7, 2019

Burger King’s Online Shop for Kids Exposed Data

Kool King Shop, (https://www.koolkingshop.fr/), a French-only online shop for kids who purchased Burger King’s menus, had customers data exposed in a misconfigured database. An open and unprotected Elasticsearch cluster with plain-text data was left unattended…

Like this story? Please share it!

Blog, Data Breach, elasticsearch April 29, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data…

Like this story? Please share it!

Blog, database, elasticsearch, spammers April 2, 2019

Massive Spam Operation Uncovered In A Database Leak

Sometimes databases are left wide open not only by legit companies, but misconfigured by malicious actors themselves. Last month I have discovered a publicly available database with almost 5GB of 11,535,164 records with compromised emails…

Like this story? Please share it!