When data leaks are reported, they typically involve a database of previously unexposed information. In a rather odd case of data leakage, researcher Bob Diachenko has uncovered an Elasticsearch database holding a large cluster of previously leaked data, more than five billion records, all readily available in one location. This may sound confusing at first, but Diachenko makes sense of the issue in his research post:
On March 16th I found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning the 2012-2019 era.
The implications of this unprotected Elasticsearch database are massive, as any cybercriminal who specializes in identity theft or social engineering schemes (such as spear-phishing) gains a proverbial treasure trove of sensitive data. While Diachenko acknowledges that the database was taken offline within an hour of his raising the alarm, there is no telling how long it had been left unsecured before that.
From a research standpoint, there can be some value in holding onto data like this to analyze patterns of attack. Nevertheless, there is no reason to retain nearly a decade’s worth of information, especially when it is all concentrated in one massive database without any protections.
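The failure the article describes is a configuration one: an Elasticsearch node bound to a public interface with authentication switched off answers any anonymous HTTP client. The following is an added example, not code from the article or from Diachenko, of a small audit that reads an elasticsearch.yml and flags that combination. The two config fragments are constructed for illustration; the parser handles only the flat, dotted `key: value` style Elasticsearch uses and is not a full YAML reader, and treating a missing `xpack.security.enabled` as disabled is an assumption that matches the pre-8.x default.

```python
# Added example (not from the article): audit an elasticsearch.yml for the
# settings that leave the REST API open to unauthenticated network clients.

# Values of network.host that keep the node on the loopback interface only.
LOOPBACK_VALUES = {"_local_", "localhost", "127.0.0.1", "::1"}


def parse_flat_yaml(text):
    """Read 'key: value' lines into a dict.

    Comments and blank lines are skipped, surrounding quotes are stripped,
    and a bracketed list such as [a, b] becomes a Python list. This is a
    minimal reader for Elasticsearch's flat dotted keys, not a YAML parser.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)          # split on the first colon only
        value = value.strip().strip("'\"")
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip().strip("'\"") for v in value[1:-1].split(",") if v.strip()]
        settings[key.strip()] = value
    return settings


def is_public_bind(host_setting):
    """True if any configured bind address is not a loopback address."""
    hosts = host_setting if isinstance(host_setting, list) else [host_setting]
    return any(h not in LOOPBACK_VALUES for h in hosts)


def audit_config(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    settings = parse_flat_yaml(text)
    findings = []

    # Elasticsearch defaults to loopback when network.host is absent.
    host = settings.get("network.host", "_local_")
    exposed = is_public_bind(host)
    if exposed:
        findings.append(f"network.host={host}: REST API listens on non-loopback interfaces")

    # Assumption: a missing xpack.security.enabled is treated as disabled,
    # which matches the pre-8.x default (8.x enables security by default).
    security = str(settings.get("xpack.security.enabled", "false")).lower()
    if security != "true":
        findings.append("xpack.security.enabled is not true: no authentication on the REST API")

    if exposed and security != "true":
        findings.append("CRITICAL: data is reachable from the network without credentials")
    return findings


# Constructed sample configs: the weak one mirrors the situation in the article.
WEAK_CONFIG = """
cluster.name: breach-archive          # constructed example
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

HARDENED_CONFIG = """
cluster.name: breach-archive          # constructed example
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_config(cfg) or ['no findings']}")
```

Running the script prints three findings for the weak fragment and none for the hardened one; the same check can be pointed at a real elasticsearch.yml on a host you administer, and a non-empty result is the cue to restrict the bind address or enable security before the node is reachable from anywhere else.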
This story has been updated to reflect a correction from published sources used as a basis for this article.
Featured image: Flickr / Christiaan Colen