Information Security News mailing list archives

Keepnet kerfuffle: Firing legal threats at bloggers did infosec biz more damage than its exposed database


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 11 Jun 2020 05:03:54 +0000 (UTC)

https://www.theregister.com/2020/06/10/keepnet_data_breach_kerfuffle/

By Gareth Corfield
The Register
10 June 2020

Comment - UK-based infosec outfit Keepnet Labs left an 867GB database of previously compromised website login details accessible to world+dog earlier this year – then sent lawyers' letters to bloggers in a bid to erase their reports of its blunder.

A contractor left the Keepnet Elasticsearch database unsecured back in March after disabling a firewall, exposing around five billion harvested records to the public internet, the firm admitted in a statement yesterday.

The database was indexed by a search engine, and came to the attention of noted infosec blogger Volodymyr "Bob" Diachenko, who wrote it all up. Keepnet disputed Diachenko's initial characterisation of the breach, and things spiralled from there.

As reported by news website Verdict, Keepnet was stung by Diachenko's initial post about the gaffe, which Keepnet interpreted as the blogger blaming the business for leaking its own customers' data – none of its own clients' data was exposed, but rather info from previous publicly known database exposures. Diachenko said the database contained email addresses, hashed passwords, the sources of the information, and other details, all gathered from previous leaks by hackers.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
