An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports.
The database was identified as belonging to UK-based security company Keepnet Labs, which focuses on keeping organizations safe from email-based cyber-attacks. It contained data leaked in security incidents that occured between 2012 and 2019.
The Elasticsearch instance, Security Discovery’s Bob Diachenko reveals, had two collections in it: one containing 5,088,635,374 records, and another with over 15 million records. This second collection was being constantly updated.
According to the security researcher, the data was well structured and included the hashtype, leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak.
Diachenko said he was able to confirm leaks originating from Adobe, Last.fm, Twitter, LinkedIn, Tumblr, VK and others.
The researcher immediately alerted Keepnet Labs, which took the database offline within an hour.
Most of the data, Diachenko says, appears to have been collected from previously known sources, but unrestricted access to such a collection would still represent a boon for cybercriminals, providing them with a great resource for phishing and identity theft.
“This massive collection of over five billion records delivers email addresses that can be used by criminals to send socially engineered phishing email scams. The criminals can craft the email with information relating to the breach it was associated with,” James McQuiggan, security awareness advocate at KnowBe4, told SecurityWeek in an emailed comment.
Responding to a SecurityWeek inquiry, Keepnet Labs confirmed that the database only contained publicly available data that can also be accessed through various online services.
The co ..
Support the originator by clicking the read the rest link below.
