A UK-based Security Company Seemed To Have Inadvertently Exposed Its ‘Leaks Database’ with 5B+ Records

Bob Diachenko

Bob Diachenko

Cyber Threat Intelligence Director

2 minutes read
A UK-based Security Company Seemed To Have Inadvertently Exposed Its 'Leaks Database' with 5B+ Records - Security Discovery

On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the  SSL certificate and reverse DNS records.  The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported security incidents spanning 2012-2019 era.

NOTE: Company’s data and customer records were not exposed, incident involved only previously reported data breaches collections.

A French-based IP was indexed by BinaryEdge search engine on March 15th.

Elasticsearch cluster in question had two collections:

Data was very well structured and included:

Example of records structure:

I have immediately sent a security alert to the company which seemed to be responsible for the exposure but never received a reply. Database, however, has been taken offline within an hour after notification sent.

Read more in the company’s statement.

Dangers of exposed data 

Even though most of the data seems to be collected from previously known sources, such large and structured collection of data would pose a clear risk to people whose data was exposed. An identity thief or phishing actor couldn’t ask for a better payload. 

Fraudsters might target affected people with scams and phishing campaigns, using their personal information to craft targeted messages

Phishing messages often impersonate trusted people or organizations to trick victims into giving up sensitive information or money. They often contain links to phishing websites, which mimic genuine websites. In fact, they exist only to steal information, such as passwords and payment information.

How and why we discovered this exposure

Our goal is to help to protect data on the Internet by identifying data leaks and following responsible disclosure policies. Our mission is to make the cyber world safer by educating businesses and communities worldwide.

Our extensive cybersecurity knowledge lends itself well to searching for and analyzing data leaks. Our due diligence demands that we make every attempt to identify who is responsible and notify them as quickly as possible.

Our hope is to minimize harm to end users whose data was exposed. We take steps to find out what each database contained, for how long it was exposed, and what threats to end users might arise as a result. Our findings are compiled into reports like this one to raise awareness and curb misuse of personal data by malicious parties.

 

← Back to Blog

Got your attention?

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.

Address
Business Development
Virginia, United States
Address
Research & Development
Kyiv, Ukraine
Address
Technical HQ
Hamburg, Germany