Elasticsearch Instances Expose Data of 82 Million U.S. Users

Personal information of over 82 million users in the United States was exposed via a set of open Elasticsearch instances, Hacken security researchers warn.

A total of 73 gigabytes of data were found during a “regular security audit of publicly available servers with the Shodan search engine,” HackenProof explains. At least three IPs hosting identical Elasticsearch clusters misconfigured for public access were discovered.

The first IP, which was indexed by Shodan on November 14, contained the personal information of 56,934,021 U.S. citizens. The data exposed to the Internet included information such as name, email, address, state, zip, phone number, IP address, and also employers and job title.

Furthermore, the security researchers discovered another index of the same database that featured over 25 million records. 

The information contained here included name, company details, zip address, carrier route, latitude/longitude, census tract, phone number, web address, email, employees count, revenue numbers, NAICS codes, SIC codes, and more.

Overall, HackenProof says (PDF), 82,851,841 people were impacted by this data breach. A total of 114,686,118 records were found in the unprotected Elasticsearch instances. 

What the security researchers couldn’t establish for certain was who the exposed database belonged to. They believe it might have come from Data & Leads Inc., due to similarities in the structure of the field ‘source’ in data fields.

Not only were the researchers unable to get in touch with Data & Leads Inc., but the company’s website also went offline shortly after the report on the data breach was published.

The database is no longer exposed to the public, but Hacken couldn’t establish for how long it had been online before it was indexed by Shodan crawlers on November 14. They don’t know who else might have had access to it either. 

Elasticsearch, a distributed, RESTful search and analytics engine, binds to localhost by default, which is meant to keep installations away from unauthorized access. However, although authentication and role-based access control are provided, not every Elasticsearch customer deploys them.
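The misconfiguration described above can be checked for on your own nodes. The following is an added example, not code from Hacken or Elastic: it audits an `elasticsearch.yml` for a REST interface bound beyond loopback without security explicitly enabled. It assumes flat dotted keys (`network.host`, `http.host`, `xpack.security.enabled`), and both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs (not taken from the article or any real deployment).
EXPOSED = "cluster.name: demo\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED = "cluster.name: demo\nnetwork.host: _local_\nxpack.security.enabled: true\n"


def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines. Nested YAML is out of scope (assumption)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def is_loopback(host):
    """True for localhost, the _local_ special value, and loopback IP literals."""
    if host == "localhost" or host.startswith("_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Hostnames and special values such as _site_ or _global_ count as reachable.
        return False


def audit(text):
    """Return a list of findings for one elasticsearch.yml; empty means no exposure seen."""
    s = parse_flat_yaml(text)
    # http.host takes precedence over network.host for the REST interface.
    raw = s.get("http.host", s.get("network.host", "_local_"))
    hosts = [h.strip().strip("\"'") for h in raw.strip("[]").split(",") if h.strip()]
    exposed = [h for h in hosts if not is_loopback(h)]
    findings = []
    if exposed:
        findings.append("REST API bound to non-loopback address: " + ", ".join(exposed))
        # Treat an absent setting as 'not enabled'; defaults differ between versions.
        if s.get("xpack.security.enabled", "").lower() != "true":
            findings.append("xpack.security.enabled is not explicitly true")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

A non-loopback bind with security enabled still yields the first finding, since the node should then also sit behind a firewall or private network.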

This has led to various types of attacks in the past as well, including a ransom attack last year, when 35,000 Elasticsearch clusters were found exposed to the public Internet. Earlier this year, a database owned by data broker firm Exactis was found exposing 340 million records (230 million on consumers and 110 million on business contacts).

Related: Massive Breach at Data Broker Exactis Exposes Millions of Americans

Related: Elasticsearch Servers Latest Target of Ransom Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
