ElasticSearch data dumps
From ingenio2010
Between 2019 and 2023, numerous companies put ElasticSearch instances into production without the security plugin (because it was not available without paying), instead of putting a proxy in front to take care of security. With the administrative API accessible (sometimes even with default credentials such as elastic/elastic), numerous attacks followed.
List of well-known companies that suffered data theft from ElasticSearch
Sky Brazil
As ElasticSearch-based leaks become the latest source of massive data exposures, Sky Brasil, one of the biggest subscription television services in Brazil, is the latest to leave its customers exposed after not securing the server with a password. Independent researcher Fabio Castro found the firm exposed the data of 32 million subscribers in 28.7GB of log files and 429.1GB of API data that revealed names, home addresses, phone numbers, birth dates, client IP address, payment methods, and encrypted passwords. "The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information the model of the device, serial numbers of the device that is in the customer's home, and also the log files of the whole platform." [1]