Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Unprotected Database Exposed 5 Billion Previously Leaked Records

An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports.

An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports.

The database was identified as belonging to UK-based security company Keepnet Labs, which focuses on keeping organizations safe from email-based cyber-attacks. It contained data leaked in security incidents that occured between 2012 and 2019.

The Elasticsearch instance, Security Discovery’s Bob Diachenko reveals, had two collections in it: one containing 5,088,635,374 records, and another with over 15 million records. This second collection was being constantly updated.

According to the security researcher, the data was well structured and included the hashtype, leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak.

Diachenko said he was able to confirm leaks originating from Adobe,, Twitter, LinkedIn, Tumblr, VK and others.

The researcher immediately alerted Keepnet Labs, which took the database offline within an hour.

Most of the data, Diachenko says, appears to have been collected from previously known sources, but unrestricted access to such a collection would still represent a boon for cybercriminals, providing them with a great resource for phishing and identity theft.

“This massive collection of over five billion records delivers email addresses that can be used by criminals to send socially engineered phishing email scams. The criminals can craft the email with information relating to any breach it was associated with,” James McQuiggan, security awareness advocate at KnowBe4, told SecurityWeek in an emailed comment.

Responding to a SecurityWeek inquiry, Keepnet Labs confirmed that the database only contained publicly available data that can also be accessed through various online services.

The company also said that the data was “collected and correlated” for its customers only, to inform them if their accounts were part of previous breaches, and that customers can perform only searches related to their domains.

“No confidential customer data has been breached,” the company underlined.

The unprotected Elasticsearch cluster was identified by Diachenko on March 16, after being indexed by the BinaryEdge search engine on March 15. However, it’s not clear for how long the database stayed exposed to the Internet and whether third-parties accessed it during that time.

According to Keepnet Labs, the database became exposed while its supplier was moving the index to a different Elasticsearch server. During the operation, the company says, the firewall was disabled for roughly 10 minutes, enough for an online service to index the database.

“There is a certain irony is an exposed database of previously compromised data. The fact that this data was previously compromised doesn’t mean this incident is meaningless. The sheer volume of this collections makes it a valuable target for criminals. Sometimes the data itself is made more valuable by the ease of access or aggregation. It would be important to know for how long this data has been exposed, and of course, whether anyone has actually accessed it,” Tim Erlin, VP of product management and strategy at Tripwire, told SecurityWeek in an emailed comment.

“While the data exposed in this incident appears to be collected from previously known sources, the fact that it was all readily available, indexed, and publicly exposed makes it a big concern. Criminals can use the data contained to formulate attacks against organisations, and in particular use the information for spear-phishing attacks,” Javvad Malik, security awareness advocate at KnowBe4, commented.

Related: Microsoft Exposed 250 Million Customer Support Records

Related: Data on 1.2 Billion Users Found in Exposed Elasticsearch Server

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...