Elasticsearch Data Breach Exposes 57 Million Records
A huge 73 GB data breach was discovered during a regular security audit of publicly available servers with the Shodan search engine.
Bob Diachenko, director of cyber risk research for security firm Hacken, said that the company found an exposed Elasticsearch server on the Shodan search engine, which is used to scan for connected devices and open servers.
The data has the info on around 57 million US citizens, containing information including first and last name, employers, job title, email, address, state, ZIP code, phone number, and IP address. Another index of the same database included over 25 million business records, which held details on companies including employee counts, revenue numbers, and carrier routes.
Elasticsearch is a full-text search engine product released on an open-source basis. It searches a variety of document types in near-real-time. Companies can download and use the software on their own servers or run it on cloud-based computers.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.