UPDATED 22:20 EDT / NOVEMBER 28 2018


Misconfigured ElasticSearch server leaks records of 57M US citizens

An ElasticSearch B.V. server has been found leaking the details of nearly 57 million U.S. citizens online in the latest case of a misconfigured online server.

The server, discovered by security researcher Bob Diachenko at Hacken and reported today, was found via the Shodan search engine and contained 73 gigabytes of data consisting of nearly 57 million records pertaining to U.S. citizens. That data included first name, last name, employers, job title, email, address, state, zip, phone number and IP address.

A second database, found on the same server, consisted of nearly 26 million additional business records.

Diachenko was unable to confirm the source of the data, but he said the data had similarities to fields used by Canadian data management company Data & Leads Inc. The company has neither confirmed nor denied that the data does belong to it, but it has shut down its website, suggesting that it may indeed be the source of the data.

An archived version of Data & Leads’ website has the company claiming that it offers businesses “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”

Tim Erlin, vice president, product management and strategy at Tripwire Inc., told SiliconANGLE that if a company leaves unsecured data on the internet, it will eventually be discovered and exploited, reported or both.

“Discovering the data is the first step, but identifying the responsible organization or individual will come next. We should all be waiting for the other shoe to drop on this story,” Erlin said. “Technology can solve a lot of problems, but security still requires a careful review and implementation of the basics.”

Erlin added that incidents like this don’t require sophisticated hackers or nation-state cyberwar budgets. “Anyone with the time and an Internet connection can find this data,” he said.

Balaji Parimi, chief executive officer of CloudKnox Security Inc., noted that whether it’s an ElasticSearch server, an Amazon S3 cloud storage bucket or another one of the thousands of resources in the cloud that can create opportunities for leakage, it only takes one person changing a privacy configuration to put sensitive data for millions of people at risk.

“That’s why it’s so important for organizations to understand who has the privileges that can lead to these types of issues and proactively manage those privileges to reduce risk exposure,” Parimi said. “Overprivileged identities are one of the biggest threats facing enterprises with complex, multicloud environments, and we will continue to see database leaks like this one until companies get better at assessing and managing unused, high-risk privileges.”

Photo: piro007/Flickr
