Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Pierluigi Paganini March 22, 2020

Expert discovered an Elasticsearch instance belonging to a security firm containing over 5 billion records of data leaked in previous incidents.

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019.

“On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the  SSL certificate and reverse DNS records.” wrote Security Discovery’s researcher Bob Diachenko. “The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning 2012-2019 era.”

The huge trove of data is composed of two collections, one containing 5,088,635,374 records, and the second one that was being updated in real-time has over 15 million records.

Exposed data include hashtype, leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak (i.e. Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK and others).

Most of the data come from previously known sources, it could expose affected people to scams and phishing campaigns.

The expert discovered the unprotected Elasticsearch cluster on March 16, it was indexed by the BinaryEdge search engine on March 15. At the time it’s not clear for how long the database remained exposed online and of it was accessed by third-parties.

Diachenko reported its discovery to the security firm that quickly took the Elesticsearch installation offline.

The security firm that exposed the archive revealed that the database was exposed while its supplier was moving the index to a different Elasticsearch server. The firewall was temporarily disabled for roughly 10 minutes during the migration, which allowed the search engine to index the database.

“Our extensive cybersecurity knowledge lends itself well to searching for and analyzing data leaks. Our due diligence demands that we make every attempt to identify who is responsible and notify them as quickly as possible.” concludes the expert.

“Our hope is to minimize harm to end users whose data .”

NOTE: Company’s data and customer records were not exposed, incident involved only previously reported data breaches collections.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Security firm, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment