ElasticSearch Server Exposed the Personal Data of Over 57 Million US Citizens
(Nov 28, 2018)
Bob Diachenko, Director of Cyber Risk Research for HackenProof, discovered a publicly accessible ElasticSearch server that contained Personally Identifiable Information (PII) associated to approximately 57 million US citizens. The server was identified on November 20, 2018, and is believed to have been left publicly accessible since at least November 14. The ElasticSearch server contained over 73 gigabytes of data consisting of 56,934,021 records. These records contained information such as: email address, first name, home address, IP address, last name, phone number, state, and ZIP code. In addition, it was also discovered that the server contained a cached database called “Yellow Pages” that contained an additional 25,917,820 records. These records are believed to be business entries and contained information including: carrier routes, company details, company name, census tracts, email addresses, employee counts, latitude/longitude coordinates, North American Industry Classification System (NAIC) codes, Standard Industrial Classification (SIC) codes, and web addresses, among others. At the time of this writing it is unclear who owns this server, but Diachenko believes that it is owned by the Canadian Data forum “Data & Leads.”
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measure to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.