Cybersecurity Firm Exposes Breach Database Containing 5 Billion User Records

Technology research company Comparitech on Monday said its researchers discovered that a cybersecurity firm had exposed a database containing more than 5 billion user records.

An investigation revealed that the database stored information that had been compromised in data breaches suffered by various companies in recent years. The database has been used by security analytics firm Cognyte to alert customers when their information is exposed as a result of a data breach suffered by a third party.

The database stored names, email addresses, passwords and data sources. The data appears to come from roughly two dozen data breaches disclosed in recent years, including by Tumblr, Rambler, MySpace, iMesh, VK, MGM, Edmodo, and Zoosk.

According to Comparitech, the database, stored on an Elasticsearch cluster, was indexed by search engines on May 28 and it was discovered by one of its researchers, Bob Diachenko, one day later. Cognyte was immediately notified and the data was secured a few days later.

“We do not know if any other third parties accessed the data during the time when it was exposed, nor do we know for how long it was exposed prior to being indexed by search engines. Our honeypot experiments show that attackers can find and access exposed data in a matter of hours,” Comparitech said.

This is not the first time Diachenko has come across an unprotected database belonging to a cybersecurity firm. Last year, the researcher discovered an exposed database belonging to email security company Keepnet Labs. That database also stored more than 5 billion records.

It’s not uncommon for these types of databases to be found online, either because they are inadvertently exposed by a company or they are offered — in some cases for free — on cybercrime forums.

While the exposed data is typically not new, experts warn that the usernames and passwords can still be useful for credential stuffing attacks.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.