Exposed Elasticsearch Database Compromises Data on 8M People

Exposed Elasticsearch Database Compromises Data on 8M People
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.

Another day, another unsecured database. An unprotected Elasticsearch database exposed information belonging to eight million people in the United States who submitted their personal details as part of online sweepstakes entries, surveys, and free product sample requests.


Survey websites typically offer samples, prizes, or contest entries in exchange for personal data that's later used in marketing campaigns, BleepingComputer reports. The information collected by one organization was kept in an Elasticsearch database, which was found unprotected by security researcher Sanyam Jain. It contained data including the full names, physical and email addresses, phone numbers, birthdates, gender, and IP addresses of individuals who entered their info on survey sites.


Further investigation by Jain showed the site belonged to PathEvolution, an online marketing firm owned by Ifficient, another marketing company. Ifficient ..