There was no exposure to customer’s information, and the incident involved only previously reported collections of data breaches.

There were two collections of Elasticsearch cluster:

• leaks_v1, with 5,088,635,374 records (more than 5 Billion records)

• leaks_v2, with more than 15 million records, updating in real-time

The data was well organized and included:

• Hash type (the way a password is presented: MD5/hash/plaintext etc.)

• Leak date (year)

• Password (hashed, encrypted or plaintext, depending on the leak)

• Email

• Email domain

• Source of the leak (I was able to confirm a few of the most prominent ones: Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK, and others).

Dangers of exposed data

• Although the exposed data is from previous breaches, such extensive and well-organized data will pose a threat to everyone whose information is exposed.

• The collection of leaked data is perfect for manipulation by an identity thief or phishing actor.

• Fraudsters can also use this data to scam the exposed people and may use this data to craft targeted messages.

• Phishing messages often impersonate themselves as trustworthy organizations that are legit or popular to trick the people into giving their personal information like bank details or even money.

• The messages often contain links to malicious websites that are made to look like original websites. They only exist to steal information, such as passwords and payment information.

What Can Be Done?

Undoubtedly, the Elasticsearch Instance coming from the database of a UK security company is alarming and questionable. Companies are recommended to adopt steadfast cybersecurity measures so that they can not only protect the existing data of users as well as the collections fo exposed data records from past years. Data leak of any form is dangerous and shall be avoided in any case.