ElasticSearch data dumps

By ingenio2010

Between 2019 and 2023, many companies put ElasticSearch instances into production without the security plugin (because it was not available without paying), instead of placing a proxy in front of them to enforce security. With the administrative API reachable (sometimes even with default credentials such as elastic/elastic), numerous attacks followed.
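As an added example (not part of this page's original content), the elasticsearch.yml pattern behind exposures like the ones listed below, followed by a hardened version; the certificate paths, the single-node discovery line and the 6.x/7.x password command are assumptions for a basic deployment.

```yaml
# --- Weak configuration (the pattern behind the leaks listed below) ---
# Binds the REST API to every interface with security switched off, so
# anyone who can reach TCP/9200 has full read/write/admin access.
# (Shown commented out so this file stays valid YAML.)
# network.host: 0.0.0.0
# http.port: 9200
# xpack.security.enabled: false

# --- Hardened configuration ---
# Listen only where clients actually need to reach the node. If other
# hosts must reach it, keep it behind a firewall or a reverse proxy that
# performs authentication itself.
network.host: 127.0.0.1
http.port: 9200
discovery.type: single-node   # assumption: adjust for real clusters

# Turn on authentication and role-based authorization (free under the
# Basic licence since Elasticsearch 6.8 / 7.1).
xpack.security.enabled: true

# Encrypt HTTP (client) and transport (node-to-node) traffic. The
# keystore paths are placeholders for certificates generated with
# bin/elasticsearch-certutil.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12
xpack.security.transport.ssl.truststore.path: certs/transport.p12

# Do not set xpack.security.authc.anonymous.roles: by default anonymous
# requests get no roles, and granting any here reopens the exposure.

# After startup, replace the bootstrap credentials (on 6.x/7.x):
#   bin/elasticsearch-setup-passwords interactive
# so the built-in "elastic" user no longer has a guessable password.
```

A quick check from the host itself is to request `http://127.0.0.1:9200/` without credentials and confirm the node answers 401 rather than cluster information.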

List of known companies that suffered data theft from ElasticSearch

Sky Brazil

As ElasticSearch based leaks become the latest source of massive data exposures, Sky Brasil, one of the biggest subscription television services in Brazil, is the latest to leave its customers exposed after not securing the server with a password.
Independent researcher Fabio Castro found the firm exposed the data of 32 million subscribers in 28.7GB of log files and 429.1GB of API data that revealed names, home addresses, phone numbers, birth dates, client IP addresses, payment methods, and encrypted passwords.
"The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods," Castro told BleepingComputer. "Among other information the model of the device, serial numbers of the device that is in the customer's home, and also the log files of the whole platform." [1]

Data & Leads Inc (alleged)

An ElasticSearch server database containing the information of nearly 57 million U.S. residents was found to have been left exposed without a password.
On November 20, 2018, Bob Diachenko, director of cyber risk research for Hacken, which also discovered the Kars4Kids leak, discovered the breach while conducting a security audit of publicly available servers with the Shodan search engine, according to a Nov. 28 blog post.
The database was first indexed by Shodan on November 14, 2018 and contained information including first and last names, employers, job titles, email addresses, state, zip codes, phone numbers, and IP addresses. Diachenko also reportedly discovered a second cached database named "Yellow Pages," which reportedly held an additional 25,917,820 records, which appeared to be business entries.
While the source of the leak was not immediately identifiable, the structure of the field ‘source’ in data fields is similar to those used by a data management company Data & Leads Inc. However, we weren’t able to get in touch with their representatives.
Moreover, shortly before this publication the Data & Leads website went offline and is now unavailable. [2]

References