On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for […]

On May 23rd, another Elasticsearch misconfiguration incident has led to the exposure of the personal details and Aadhar number for […]
On May 6th I have identified an open and unprotected Elasticsearch server that appeared to contain registration details for US-based […]
On April 16th I have discovered an unprotected and publicly indexed Elasticsearch cluster that contained 3,376,912 records with personally identifiable […]
On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by […]
On December 11th, 2019, I have identified an open and unprotected Elasticsearch cluster with 976 millions of records which appeared […]
On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records […]
Two data incidents just months apart from each other. Back in February 2019 I found a database that belonged to […]
Religious website service Clover Sites exposed customer data for at least 6-7 months and the dataset was found twice on […]
On Sept 4th I have identified an open and unprotected Elasticsearch cluster containing sensitive details of customers of Calcioshop.it, popular […]
Way back in March, 2019 Security Discovery’s Bob Diachenko discovered a non-password protected database that contained 18,000 user names, mailing […]
On September 5th I discovered a non-password protected database that contained 1 folder named “Customers”. Every file contained references to […]
Bold.com, company behind popular solutions to help jobseekers find jobs, and help businesses find candidates – LiveCareer, Resume-Now, my Perfect Resume, Mighty […]
On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of […]
On August 14th I have sent a responsible disclosure notice to Gartner, the world’s leading information technology research and advisory company, […]
Online fundraising is a growing industry that has raised many billions of dollars for worthy causes from around the street […]
In another Elasticsearch misconfiguration incident Credia.ge, a Tbilisi-based (Georgia) agency, exposed personal and loan information for thousands of its customers. […]
On July 26th discovered a non password protected elastic data set that contained 5.2 million documents in total. Immediately, I […]
On May 29th I discovered a database that contained what appeared to be a member list. Like most database names […]
On May 26th, I discovered a non-password protected database that contained what appeared to be millions of financial transactions. Upon […]
Elasticsearch misconfigurations and related data incidents have became top news recently, even after Elastic introduced free security packs for all […]