A massive database of more than 5 Billion “leaked records” was exposed online

The UK based cybersecurity firm exposed one of its unprotected Elasticsearch database that contained more than 5 billion previously leaked records.

Security researcher Bob Diachenko from securitydiscovery.com found the publicly available database on March 16.

This massive database had a collection of leaked records from the last seven year’s data breaches.

Update: The Marketing Director at cybersecurity firm, told QuickCyber that no customer data had been exposed or breached. The firm was using that database as a threat intelligence service for its customers.

Bob confirmed that the leaked records were from Adobe, Last.fm, Twitter, Linkedin, Tumblr, VK and other data breaches.

The Elasticsearch cluster had two collections, one with 15 million records updating in real-time and other with 5,088,635,374 (5 Billion+) records. The leaked records were in a well-structured format and included hashtype, leak date, password, email, email domain and source of the leak.

How about that? A UK-based security company inadvertently exposed its ‘data breach database’ (which was probably part of their threat intelligence solution) spanning 2012-2019 era, with around 5.5B+ records. Now secured. No response. Story in progress.

— Bob Diachenko (@MayhemDayOne) March 17, 2020

“I have immediately sent a security alert to the company which seemed to be responsible for the exposure but never received a reply. Database, however, has been taken offline within an hour after notification sent”, said Bob in a statement.

See also:
> Misconfigured Database of Virgin Media Exposes 900,000 Customers’ Information
> Facial recognition company Clearview AI faced a massive data breach