Advanced searches left 3/3
Search only database of 8 mil and more summaries

Elasticsearch Server Breached

Summarized by PlexPage
Last Updated: 02 July 2021

* If you want to update the article please login/register

General | Latest Info

Security researchers discovered an open ElasticSearch server that contains unique data records of around 1. 2 billion users. According to Security analysts Bob Diachenko and Vinny Troia, servers hold more than 4 terabytes of data, without password protection or authentication. Exposed data includes names, email addresses, phone numbers, LinkedIn, and Facebook profile information. It is believed that exposed data appears to have originated from two different data enrichment companies, namely People Data Labs and OxyData. Io. Data discovered on the open ElasticSearch server was an almost complete match to data being returned by People Data Labs API. The only difference is the data returned by PDL also contains education histories. There was no educational information in any of the data downloaded from the server. Everything else was the same, including accounts with multiple email addresses and multiple phone numbers, researchers say in a statement. Analysis of the OXY Database reveals an almost complete scrape of LinkedIn data, including recruiter information. Upon contacting OxyData, I was also informed that the server does not belong to them. Oxy was not willing to give me access to their API to test / compare profiles, but they were nice enough to send me a copy of my own record for analysis. The data they send contains mostly scrap LinkedIn profiles and appears to be match for data, statement add. Multiple security incidents were reported on ElasticSearch servers earlier. Recently, almost everyone in Ecuador has become the victim of a massive data breach that exposed personal information of over 20 million individuals, including the countrys president and WikiLeaks founder Julian Assange, who was granted asylum by Ecuador in 2012. Security firm vpnMentor discovered a breach on Miami - base ElasticSearch server owned by Ecuadorian company Novaestrat. It said that exposed data appears to have come from various sources, including Ecuadorian national bank, Ecuadorian government registries, and an automotive association called Aeade. Also, unprotected ElasticSearch Database exposes around 198 million personal records of car buyers online. Jeremiah Fowler, Security researcher at Security Discovery, State that he discovered a database, that contains 413 GB of data, that was left online without any password protection.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions

Elasticsearch servers and personal data

Elasticsearch is an open source search and analytics engine, as well as a data store. And with hundreds of millions of downloads, it is also incredibly popular. We tout its speed, scale, and search relevance, but its wide adoption has also been greatly driven by its ease of use, ability to handle any type of data, robust set of features, and the fact that anyone can submit bug fixes or suggest improvement. In non - tech speak, imagine having a spreadsheet with billions of rows, but still being able to find or calculate anything in it in a split second. Elasticsearch is like that, and it is really good at what it does, so lot of organizations use Elasticsearch for all sorts of things like powering search on their ecommerce sites, analyzing data sent from Mars rovers, or making sure rideshares show up on time.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions

Sources

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions

logo

Plex.page is an Online Knowledge, where all the summaries are written by a machine. We aim to collect all the knowledge the World Wide Web has to offer.

Partners:
Nvidia inception logo

© All rights reserved
2021 made by Algoritmi Vision Inc.

If you believe that any of the summaries on our website lead to misinformation, don't hesitate to contact us. We will immediately review it and remove the summaries if necessary.

If your domain is listed as one of the sources on any summary, you can consider participating in the "Online Knowledge" program, if you want to proceed, please follow these instructions to apply.
However, if you still want us to remove all links leading to your domain from Plex.page and never use your website as a source, please follow these instructions.