The unprotected database was hosted on an Elasticsearch server.
If you thought “Collections #2-5” was the world’s largest data dump with 2.2 billion accounts think again. On 16th March an Elasticsearch database reportedly owned by the UK-based cyber security firm Keepnet Labs containing over five billion records was exposed online.
This data mainly comprised of records from several breaches over the past seven years (2012 to 2019) was discovered online with public access by security researcher Bob Diachenko. The researcher was able to identify the owner of the Elasticsearch database by examining the reverse DNS records and SSL certificate.
According to Diachenko, the data was left unprotected in a “well-structured” form and included a treasure trove of valuable records including leaked passwords (hashed and plain text), hashtypes, email domains, and email addresses, leak dates, and leak sources.
Further digging into the database revealed that it contained records from some very prominent data leaks reported so far, such as, Twitter, Tumblr, Adobe, Vk, LinkedIn, and Last.fm. However, it is worth noting that none of the current records of the company or its customers were exposed, and only data from previously reported breaches were stored in the database.
Screenshot of leaked records – Image: Bob Diachenko
The database also contained two folders of data- one was titled leaks_v1 and contained over 5 billion records (5,088,635,374 records) while the other titled leaks_v2 contained over 15 million records. The second cluster was being updated in real-time.
Even though most of the data seems to be collected from previously known sources, such large and structured collection of data would pose a clear risk to people whose data was exposed. An identity thief or phishing actor couldn’t ask for a better payload, Diachenko wrote in his blog post.
Diachenko notified the company about the open-access database and it was taken offline with an hour. Yet, there has been no official response or acknowledgement from the company.
How about that? A UK-based security company inadvertently exposed its ‘data breach database’ (which was probably part of their threat intelligence solution) spanning 2012-2019 era, with around 5.5B+ records. Now secured. No response. Story in progress.
— Bob Diachenko (@MayhemDayOne) March 17, 2020
This, however, is not the first time when a database on Elasticsearch was exposed to the public. Just last month, an Israeli company leaked personal data of millions of Americans including their physical address. The database was hosted on an Elasticsearch server.
In November last year, 4 terabytes of personal records were leaked online – All that without any password.
In another incident, personal and tax records of 20 million Russians were also leaked online. Last month, another Elasticsearch database was exposed and leaked personal data of millions of Americans from a computer in China.