There have been multiple Elasticsearch database breaches, but this one is unusual and among the biggest to date. Around 5,088,635,374 records (more than five billion) were exposed after a U.K.-based security firm inadvertently left its "Data breach Database", which stored a large volume of information about security incidents from 2012 to 2019, online without password protection.
Security researcher Bob Diachenko discovered the leaky database. Noting that the "Data was very well structured", Diachenko stated that it held a large amount of detail on both previously reported and unreported security incidents, including:
- Hashtype (the way a password was presented: MD5/hash/plaintext, etc.)
- Leak date (year)
- Password (hashed, encrypted or plaintext, depending on the leak)
- Email domain
- Source of the leak
Diachenko also said that he was able to confirm a few of the most prominent security incidents, including those affecting Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK, and others. The database was taken offline within an hour of Diachenko sending a security alert.
Cyber Risks from Database Leaks
Attackers can take advantage of the sensitive information exposed in database leaks: they can launch targeted phishing attacks, carry out account takeover fraud, and sell the stolen data on the dark web.
Recurring Elasticsearch Server Leaks
Elasticsearch servers have continued to leak protected personal information belonging to millions of people and organizations. The most recent server breach occurred when Peekaboo's app developer, Bithouse, left an Elasticsearch database open; it contained more than 70 million log files comprising nearly 100 GB of data collected since March 2019. The exposed data included detailed device data, links to photos and videos, and around 800,000 email addresses.
There has long been a security concern about Elasticsearch servers. Security experts stress that these breaches occur because of a lack of built-in protections: the instances are reachable with no password protection and no firewall in front of them. Elasticsearch itself has published recommendations on how to secure servers, which include authenticated sign-in, proper encryption, layered security, and audit logging.
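The exposure pattern described above (a node bound to every interface with authentication switched off) can be caught before deployment by auditing the node's configuration. The following is an added example, not Elastic's own tooling and not from the original article: it parses a flat `elasticsearch.yml`, applies a small rule set built around the four recommendations above, and returns findings. The rule set, the "treat a missing setting as off" policy, and the two sample configurations are assumptions constructed for this illustration.

```python
"""Audit a flat elasticsearch.yml for the open-database exposure pattern.
Constructed example; the rule set and sample configs are assumptions."""
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

def parse_flat_yaml(text: str) -> dict:
    """Parse dotted 'key: value' lines (the usual elasticsearch.yml style).
    Comments, blank lines, nested blocks and list values are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([\w.]+)\s*:\s*(.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings

def is_true(value) -> bool:
    return str(value).lower() == "true"

def audit(text: str) -> list:
    """Return (severity, setting, reason) tuples; empty list means no finding."""
    s = parse_flat_yaml(text)
    findings = []
    host = s.get("network.host", "_local_")  # Elasticsearch defaults to loopback
    exposed = host not in LOOPBACK
    # Assumption: absent xpack.security.enabled is treated as authentication off
    auth = is_true(s.get("xpack.security.enabled", "false"))
    if exposed and not auth:
        findings.append(("CRITICAL", "network.host",
                         f"bound to {host} with authentication off: every index is readable"))
    elif not auth:
        findings.append(("HIGH", "xpack.security.enabled", "authentication disabled"))
    if not is_true(s.get("xpack.security.http.ssl.enabled", "false")):
        findings.append(("MEDIUM", "xpack.security.http.ssl.enabled", "HTTP API in cleartext"))
    if not is_true(s.get("xpack.security.audit.enabled", "false")):
        findings.append(("LOW", "xpack.security.audit.enabled", "no audit logging"))
    return findings

# Constructed sample configs: the weak one mirrors the leak pattern in the article
WEAK = """cluster.name: breach-db
network.host: 0.0.0.0          # listens on every interface
http.port: 9200
xpack.security.enabled: false
"""
HARDENED = """cluster.name: breach-db
network.host: 10.0.0.5         # private address, firewalled (layered security)
xpack.security.enabled: true   # authenticated sign-in
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12
xpack.security.audit.enabled: true
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```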