Polecat exposed an Elasticsearch server that wasn’t protected with any authentication measures or any form of encryption.
Polecat, a UK-based data analytics company that offers various advanced “data analytics and human expertise” tools to ensure organizations achieve ESG (environmental, social, governance) management success, has become a victim of a data breach.
The breach was discovered by Ata Hakcil, the head of the Wizcase CyberResearch Team, on October 29, 2020. Polecat was informed about the exposed data, and the company secured it on November 2nd; however, details of the breach were only published this week.
Unsecured Server Exposed 30TB of Data
According to Wizcase researchers’ analysis, an unsecured Elasticsearch server owned by Polecat is responsible for exposing nearly 30TB of data on the web. The server wasn’t protected with any authentication measures or any form of encryption. Hence, anyone could access the records stored on that server.
A further probe revealed that the server stored business records dating back to 2007. It contained employee usernames and passwords, more than 6.5 billion tweets, over one billion posts collected from various websites and blogs, and social media records.