A massive database of more than 5 Billion “leaked records” was exposed online

The UK based cybersecurity firm exposed one of its unprotected Elasticsearch database that contained more than 5 billion previously leaked records.

Security researcher Bob Diachenko from securitydiscovery.com found the publicly available database on March 16.

This massive database had a collection of leaked records from the last seven year’s data breaches.

Update: The Marketing Director at cybersecurity firm, told QuickCyber that no customer data had been exposed or breached. The firm was using that database as a threat intelligence service for its customers.

Bob confirmed that the leaked records were from Adobe, Last.fm, Twitter, Linkedin, Tumblr, VK and other data breaches.

A massive database of more than 5 Billion "leaked records" was exposed online - Examples of Records Structure

The Elasticsearch cluster had two collections, one with 15 million records updating in real-time and other with 5,088,635,374 (5 Billion+) records. The leaked records were in a well-structured format and included hashtype, leak date, password, email, email domain and source of the leak.

“I have immediately sent a security alert to the company which seemed to be responsible for the exposure but never received a reply. Database, however, has been taken offline within an hour after notification sent”, said Bob in a statement.


See also:
> Misconfigured Database of Virgin Media Exposes 900,000 Customers’ Information
> Facial recognition company Clearview AI faced a massive data breach

Share with your friends:

Leave a Reply

Your email address will not be published.