- Joined
- Mar 3, 2018
- Messages
- 1,713
An ElasticSearch server has reportedly leaked records of 56,934,021 U.S. citizens. The names, employers, job titles, email addresses, home addresses, IP addresses and phone numbers of these Americans were said to have been exposed exposed, and security expert Bob Diachenko claims that an additional business database with over 25 million records contained zip codes, carrier routes, coordinates, census tracts, web addresses, revenue numbers, and more. Hackenproof previously warned that the lack of authentication on Elasticsearch servers was dangerous, and this leak seemingly proves their fears. Thanks to Schtask for the tip.
While the source of the leak was not immediately identifiable, the structure of the field ‘source’ in data fields is similar to those used by a data management company Data & Leads Inc. However, we weren’t able to get in touch with their representatives. Moreover, shortly before this publication Data & Leads website went offline and now is unavailable. As of today, the database is no longer exposed to the public, however, it is unknown for how long it has been online before Shodan crawlers indexed it on November 14th and who else might have accessed the data.
While the source of the leak was not immediately identifiable, the structure of the field ‘source’ in data fields is similar to those used by a data management company Data & Leads Inc. However, we weren’t able to get in touch with their representatives. Moreover, shortly before this publication Data & Leads website went offline and now is unavailable. As of today, the database is no longer exposed to the public, however, it is unknown for how long it has been online before Shodan crawlers indexed it on November 14th and who else might have accessed the data.