SecurityWeek

Data Protection

Cybersecurity Firm Exposes Breach Database Containing 5 Billion User Records

Technology research company Comparitech on Monday said its researchers discovered that a cybersecurity firm had exposed a database containing more than 5 billion user records.

An investigation revealed that the database stored information that had been compromised in data breaches suffered by various companies over the past several years. The database has been used by security analytics firm Cognyte to alert customers when their information is exposed as a result of a data breach suffered by a third party.

The database stored names, email addresses, passwords and data sources. The data appears to come from roughly two dozen data breaches disclosed over the past several years, including by Tumblr, Rambler, MySpace, iMesh, VK, MGM, Edmodo, and Zoosk.

According to Comparitech, the database, stored on an Elasticsearch cluster, was indexed by search engines on May 28 and it was discovered by one of its researchers, Bob Diachenko, one day later. Cognyte was immediately notified and the data was secured a few days later.

“We do not know if any other third parties accessed the data during the time when it was exposed, nor do we know for how long it was exposed prior to being indexed by search engines. Our honeypot experiments show that attackers can find and access exposed data in a matter of hours,” Comparitech said.

This is not the first time Diachenko has come across an unprotected database belonging to a cybersecurity firm. Last year, the researcher discovered an exposed database belonging to email security company Keepnet Labs. That database also stored more than 5 billion records.

It’s not uncommon for these types of databases to be found online, either because they are inadvertently exposed by a company or they are offered — in some cases for free — on cybercrime forums.

While the exposed data is typically not new, experts warn that the usernames and passwords can still be useful for credential stuffing attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
