A misconfigured Elasticsearch server is responsible for exposing data amounting to more than 370 million records.
Dating sites have recently started to increasingly become the target of malicious actors. This may be centered around how lucrative of a victim they are in terms of the data obtained.
Keeping this in mind, just today, a new report has been released by vpnMentor which investigates a new data leak of 70+ websites falling mainly into the dating niche along with including e-commerce sites as well.
What happened was that all of these 70 websites were using the very same email marketing company named Mailfire whose Elasticsearch server was found without any authentication required such as a password.
See: 845GB of sensitive explicit data on niche dating apps users exposed online
In essence, it was open for anyone to see and contained 882.1 GB of data amounting to more than 370 million records. When Mailfire was contacted regarding this, they accepted the researcher’s claim and acted to secure the server immediately.
The incident should not come as a surprise since Elasticsearch servers have a long history of exposing data online. Furthermore, misconfigured databases have exposed billions of sensitive records in the last couple of years.
In fact, the situation is so critical that according to a new poll, database configuration errors are the number one threat to cl ..
Support the originator by clicking the read the rest link below.
