Security researcher Troy Hunt discovered an open Elasticsearch database containing around 22 million email records. The researcher has said that he has not been able to trace the source of the database.
In February, Troy Hunt reported an open database, named “db8151dd”, that contained around 90GB of data and 22.8 million email addresses. The data was reportedly not obtained by scraping public sites but was collected through a different kind of approach.
Hunt stated that it is mostly scrapable data from public sources, with some key differences. “Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn’t a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I’ve interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn’t someone I’d expect to see a strong association with and I couldn’t see any other similar folks,” Hunt said in a post.
After three months of investigation, Hunt had turned up three clues, all of them strings found in the records themselves:
- This contact information was synchronized from Exchange. If you want to change the contact information, please open OWA and make your changes there
- Exported from Microsoft Outlook (Do not delete)
- Contact Created By Evercontact (Evercontact is a contact management app available on Android.)
“Today is the end of the road for this breach investigation and I’ve just loaded all 22,802,117 email addresses into Have I Been Pwned. Why load it at all? Because every single time I ask about whether I should add data from an unattributable source, the answer is an overwhelming Yes,” Troy Hunt concluded.
Unprotected databases have been a severe issue for many organizations and individuals, with hundreds of millions of confidential records exposed. Multiple Elasticsearch database breaches have also been reported earlier. In the most recent one, around 5,088,635,374 records (more than five billion) were exposed after a U.K.-based security firm inadvertently left its “Data breach Database”, which stored a large volume of information on security incidents from 2012 to 2019, online without password protection.
Security researcher Bob Diachenko discovered the leaky database. Noting that the “Data was very well structured”, Diachenko stated that the database contained extensive details of previously reported and unreported security incidents, including: Hashtype (the way a password was presented: MD5/hash/plaintext, etc.), Leak date, Password (hashed, encrypted or plaintext, depending on the leak), Email, Email domain, and Source of the leak.