Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
An open Elasticsearch incident has reportedly exposed more than 5 billion records from 2012 to March 16, when the breach was discovered. The data in two of the collections is information on data breaches collected by a UK research firm over the course of the same time period. The data exposed in the Eleasticsearch includes information on the security breaches including the domain, source, contact email address and password.
Many of the data in the collections pertaining to the breaches is public knowledge, however, some of the information remains sensitive and could present a phishing risk for victims. The researcher who found the breach notified the owner of the data, who did not reply but removed the databases and collections within an hour.