Security company leaks database of data leaks
Security expert Bob Diachenko is one of the best known for finding leaky databases online. Now he has managed another coup. Diachenko's latest find is a good five billion entries.
According to Diachenko, the Elastic-search database should have been structured very cleanly. Leaked data from well-known database leaks such as those from Adobe, Tumblr, Linked-in, Twitter and others were meticulously recorded. The cataloged leaks should go back up to seven years.
The fall of the British security company Keep-net Labs, which took the database offline within an hour after Diachenko reported it.
Elastic-search again proves to be unsafe
Elastic-search databases are known for their leak -Anfälligkeit. Since they have no built-in security functions, they can only be operated safely behind firewalls and in password-protected areas. Keep-net Labs had apparently overlooked this in the present case.
Panic unnecessary: The data were all not new
For the sake of fairness, it must be mentioned that all leaks that could be read neatly from the database had previously been publicly accessible. The only benefit that cyber criminals would now have from the new publication would be that they could make a tidy overall collection the basis of their actions. However, none of the entries had any news value.
The incident shows again that Elastic search servers should be operated with special caution. However, if even a security company can't do it, who will?
No comments