Data analytics agency Polecat held to ransom after server exposed 30TB of records

Charlie Osborne 01 March 2021 at 11:15 UTC
Updated: 01 March 2021 at 12:10 UTC

Researchers say ‘billions’ of records were leaked before cyber-attackers took advantage

An unsecured server belonging to a data analytics company exposed an estimated 30TB of business records online, resulting in the firm being held to ransom.

Polecat is a UK-based agency that offers “a combination of advanced data analytics and human expertise, [to help] the world’s largest organizations achieve reputation, risk, and ESG (environmental, social, and governance) management success”.

On October 29, 2020, the Wizcase CyberResearch Team, led by Ata Hakcil, discovered that an Elasticsearch server owned by Polecat was exposing roughly 30TB of data on the web without any authentication required to access records, or any form of encryption in place.

Wizcase found records dating back to 2007, including employee usernames and hashed passwords, over 6.5 billion tweets, social media records, and over one billion posts gathered from different blogs and websites.

Meow attack

The public information gathered by Polecat is harvested on a daily basis and tends to relate to subjects such as Covid-19, firearms, politicians, racism, and healthcare.

Polecat was notified of the data exposure by Wizcase on October 30 and November 1. However, it can take mere moments for an open server or bucket to be detected and abused by threat actors – and this happened a day after the researcher’s discovery.

On October 30, a