A UK-based cybersecurity firm exposed one of its unprotected Elasticsearch databases, which contained more than 5 billion previously leaked records.
Security researcher Bob Diachenko from securitydiscovery.com found the publicly available database on March 16.
This massive database held a collection of leaked records from the data breaches of the last seven years.
Update: The Marketing Director at the cybersecurity firm told QuickCyber that no customer data had been exposed or breached. The firm was using that database as a threat intelligence service for its customers.
The Elasticsearch cluster had two collections, one with 15 million records updating in real time and the other with 5,088,635,374 (5 billion+) records. The leaked records were in a well-structured format and included hashtype, leak date, password, email, email domain and source of the leak.
How about that? A UK-based security company inadvertently exposed its ‘data breach database’ (which was probably part of their threat intelligence solution) spanning 2012-2019 era, with around 5.5B+ records. Now secured. No response. Story in progress. — Bob Diachenko (@MayhemDayOne), March 17, 2020
“I have immediately sent a security alert to the company which seemed to be responsible for the exposure but never received a reply. Database, however, has been taken offline within an hour after notification sent,” said Bob in a statement.