5B+ UK-Based Security Company Records Exposed Due to Leaks Database Exposure

On March 16th, 2020, an unprotected and publicly available Elasticsearch instance, which appeared to be managed by a UK-based security company, was reported. The attribution was confirmed from the SSL certificate and reverse DNS records. The exposure consisted of a breach-records database: a massive collection of previously reported security incidents spanning 2012 to 2019.

There was no exposure of customers' information; the incident involved only previously reported collections of data breaches.

The Elasticsearch cluster held two collections:

  • leaks_v1, with 5,088,635,374 records (more than 5 Billion records)

  • leaks_v2, with more than 15 million records, updating in real-time

The data was well organized and included:

  • Hash type (how the password is stored: MD5, another hash, plaintext, etc.)

  • Leak date (year)

  • Password (hashed, encrypted or plaintext, depending on the leak)

  • Email

  • Email domain

  • Source of the leak (I was able to confirm a few of the most prominent ones: Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK, and others).

Dangers of exposed data

  • Although the exposed data comes from previous breaches, such an extensive and well-organized collection poses a threat to everyone whose information is in it.

  • Such a collection of leaked data is ideal for abuse by an identity thief or phishing actor.

  • Fraudsters can also use this data to scam the exposed people, crafting targeted messages from it.

  • Phishing messages often impersonate trustworthy or popular organizations to trick people into handing over personal information such as bank details, or even money.

  • The messages often contain links to malicious websites made to look like the originals; they exist only to steal information such as passwords and payment details.

What Can Be Done?

Undoubtedly, an Elasticsearch instance originating from the database of a UK security company is alarming and questionable. Companies are advised to adopt robust cybersecurity measures so that they protect not only their users' existing data but also the collections of exposed data records from past years. A data leak of any form is dangerous and must be avoided in every case.
