Elasticsearch Instances Expose Data of 82 Million U.S. Users

Personal information of over 82 million users in the United States was exposed via a set of open Elasticsearch instances, Hacken security researchers warn.

A total of 73 gigabytes of data were found during a “regular security audit of publicly available servers with the Shodan search engine,” HackenProof explains. At least three IPs hosting identical Elasticsearch clusters misconfigured for public access were discovered.

The first IP, which was indexed by Shodan on November 14, contained the personal information of 56,934,021 U.S. citizens. The exposed data included name, email, address, state, zip, phone number, IP address, employers, and job title.

Furthermore, the security researchers discovered another index of the same database that featured over 25 million records. 

The information in this index included name, company details, zip address, carrier route, latitude/longitude, census tract, phone number, web address, email, employees count, revenue numbers, NAICS codes, SIC codes, etc.

Overall, HackenProof says (PDF), 82,851,841 people were impacted by this data breach. A total of 114,686,118 records were found in the unprotected Elasticsearch instances. 

The security researchers could not establish for certain who the exposed database belonged to. They believe it might have come from Data & Leads Inc., due to similarities in the structure of the ‘source’ field in the data.

The researchers were not able to get in touch with Data & Leads Inc., and the company’s website went offline shortly after the report on the data breach was published.

The database is no longer exposed to the public, but Hacken couldn’t establish for how long it had been online before it was indexed by Shodan crawlers on November 14. They don’t know who else might have had access to it either. 

Elasticsearch, a distributed, RESTful search and analytics engine, binds its installations to localhost by default, which is meant to keep the stored data away from unauthorized access. However, although authentication and role-based access control are provided, not every Elasticsearch customer deploys them.

This has led to various types of attacks in the past as well, including a ransack attack last year, when 35,000 Elasticsearch clusters were found exposed to the public Internet. Earlier this year, a database owned by data broker firm Exactis was found exposing 340 million records (230 million on consumers and 110 million on business contacts).
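The exposure described above comes down to two settings: the address the node binds to and whether authentication is switched on. The following check is an added example, not code from Hacken or Elasticsearch; it reads the flat `key: value` form of an `elasticsearch.yml` and flags a node whose REST API is bound to a non-loopback address without security enabled. The function names and sample files are constructed for illustration, and a missing `xpack.security.enabled` is assumed to mean disabled.

```python
import ipaddress

# network.host values that Elasticsearch resolves to loopback only
LOOPBACK_ALIASES = {"_local_", "localhost"}

def parse_flat_settings(text):
    """Read the flat 'key: value' lines of an elasticsearch.yml (no nesting)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_loopback(host):
    if host in LOOPBACK_ALIASES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Hostnames, lists, _site_, _global_: treat as reachable from outside
        return False

def audit(text):
    """Return findings for a node whose REST API is reachable without auth."""
    cfg = parse_flat_settings(text)
    # http.host overrides network.host for the REST API; unset means loopback
    host = cfg.get("http.host") or cfg.get("network.host") or "_local_"
    # Assumption: an absent xpack.security.enabled is counted as disabled
    secured = cfg.get("xpack.security.enabled", "false").lower() == "true"
    if is_loopback(host) or secured:
        return []
    return [f"REST API bound to {host} without authentication"]

# Constructed sample configurations
DEFAULT = "cluster.name: demo\n"
EXPOSED = "cluster.name: demo\nnetwork.host: 0.0.0.0  # listen everywhere\n"
HARDENED = EXPOSED + "xpack.security.enabled: true\n"

if __name__ == "__main__":
    for name, sample in [("default", DEFAULT), ("exposed", EXPOSED),
                         ("hardened", HARDENED)]:
        print(name, audit(sample) or "ok")
```

A clean result here only covers the node's own configuration; a firewall rule or reverse proxy in front of the node can still change what is reachable from the Internet.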

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
