BreachExchange mailing list archives
Five billion records exposed in open ‘data breach database’
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 20 Mar 2020 09:26:40 -0500
https://www.scmagazine.com/home/security-news/database-security/five-billion-records-exposed-in-open-data-breach-database/ More than five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” housing a trove of security incidents from the last seven years was left unprotected. “Data was very well structured,” wrote security researcher Bob Diachenko, who discovered the Elasticsearch instance, of the information, which included hashtypes, leak dates, passwords, email addresses, email domains and leak sources. Diachenko said he was able to confirm some of the “prominent” leaks in the database, such as Adobe, Last.fm, Twitter, LinkedIn, Tumbler and VK. Calling the leak potentially “one of the biggest to date – five billion records were exposed,” Anurag Kahol, CTO at Bitglass, pointed out that hackers, like security researchers, also “use tools designed to detect abusable misconfigurations within IT assets like ElasticSearch databases.” Bad actors seeking to appropriate data could have easily exploited the vulnerability, he said. “The sensitive information exposed from Keepnet Lab’s Elasticsearch database is more than enough fodder for hackers to launch targeted phishing attacks, engage in account takeover fraud, or even make a profit by selling the data on the dark web,” said Chris DeRamus, CTO at DivvyCloud. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Five billion records exposed in open ‘data breach database’ Destry Winant (Mar 20)