An ElasticSearch B.V. server has been found leaking the details of nearly 57 million U.S. citizens online in the latest case of a misconfigured online server.
The server, discovered by security researcher Bob Diachenko at Hacken and reported today, was found via the Shodan search engine and contained 73 gigabytes of data consisting of nearly 57 million records pertaining to U.S. citizens. That data included first name, last name, employers, job title, email, address, state, zip, phone number and IP address.
A second database, found on the same server, consisted of nearly 26 million additional business records.
Diachenko was unable to confirm the source of the data, but he said the data had similarities to fields used by Canadian data management company Data & Leads Inc. The company has neither confirmed nor denied that the data does belong to it, but it has shut down its website, suggesting that it may indeed be the source of the data.
An archived version of Data & Leads’ website has the company claiming that it offers businesses “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”
Tim Erlin, vice president, product management and strategy at Tripwire Inc., told SiliconANGLE that if a company leaves unsecured data on the internet, it will eventually be discovered and exploited, reported or both.
“Discovering the data is the first step, but identifying the responsible organization or individual will come next. We should all be waiting for the other shoe to drop on this story,” Erlin said. “Technology can solve a lot of problems, but security still requires a careful review and implementation of the basics.”
Erlin added that incidents like this don’t require sophisticated hackers or nation-state cyberwar budgets. “Anyone with the time and an Internet connection can find this data,” he said.
Balaji Parimi, chief executive officer of CloudKnox Security Inc., noted that whether it’s an ElasticSearch server, an Amazon S3 cloud storage bucket or another one of the thousands of resources in the cloud that can create opportunities for leakage, it only takes one person changing a privacy configuration to put sensitive data for millions of people at risk.
“That’s why it’s so important for organizations to understand who has the privileges that can lead to these types of issues and proactively manage those privileges to reduce risk exposure,” Parimi said. “Overprivileged identities are one of the biggest threats facing enterprises with complex, multicloud environments, and we will continue to see database leaks like this one until companies get better at assessing and managing unused, high-risk privileges.”
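The “one person changing a privacy configuration” that Parimi describes usually comes down to a handful of lines in the cluster’s configuration file. The following elasticsearch.yml fragment is an added illustration, not the configuration of the server in this story (the article does not say which settings were wrong), showing the exposed pattern next to a hardened one. The keystore paths are placeholders; the setting names are Elasticsearch’s own.

```yaml
# elasticsearch.yml (added example; the leaked server's actual config is not on record)

# --- Exposed pattern: listen on every interface, no authentication, no TLS ---
# network.host: 0.0.0.0
# xpack.security.enabled: false
# Anyone who can reach port 9200 can read every index with a plain HTTP request.

# --- Hardened pattern: bind to a private address, require login, encrypt traffic ---
network.host: 127.0.0.1                 # or the private/VPN interface, never a public one
http.port: 9200
xpack.security.enabled: true            # users and roles enforced; anonymous REST calls refused
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12            # placeholder path
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12  # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12
```

After applying the hardened settings and restarting, a request from a host other than the node itself should fail to connect at all, and a request without credentials made from the node should return HTTP 401 rather than index contents; either result is the check that the exposure in this story would have failed.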