Data On Millions Of Americans Leaked Through Open Server 

Dec 13, 2018 | Blog

Bob Diachenko, the Director of Cyber Risk Research for Hacken, recently made a disturbing discovery.  He found an ElasticSearch server open and vulnerable on the internet, without so much as a password to protect it.

Unfortunately, the server was leaking a staggering 73GB of data and had a number of databases cached inside the server’s memory.  In one of those databases, Diachenko discovered more than 56 million records containing personally identifiable information belonging to US citizens around the country.

In the majority of cases, the exposed information was limited to:

  • Full name
  • Email address
  • Street address (including Zip Code)
  • Phone number or numbers
  • IP addresses

Sadly, to even a moderately talented hacker, that's more than enough information to fake someone's identity. That means the data has real value on the Dark Web and may be up for sale as you read these words.

Another of the databases contained nearly twenty-six million records containing business information.

In this case, the exposed information included:

  • Company name and brief description
  • Zip codes and carrier routes
  • Latitude and longitude coordinates
  • Census tracts
  • Website addresses
  • Email addresses
  • Employee headcounts
  • Revenue numbers
  • Phone numbers
  • SIC codes
  • NAICS codes
  • And the like

Diachenko made the discovery on November 20th, but upon further research discovered that the server had actually been indexed by Shodan on November 14th.  He was not able to determine who owned the exposed server, but based on a few breadcrumbs he did find, he concluded that it's likely owned by the Canadian data firm "Data and Leads," or that the company is at least indirectly connected to the server somehow.

The firm did not respond to inquiries made by Diachenko, or later, by ZDNet. Shortly after those requests for comment were made, the company’s website mysteriously went down.

The apparent cause of this breach is the same thing that's caused other recent ElasticSearch breaches.  In a shocking number of cases, admins don't bother to set up passwords for their servers, which they later leave exposed on the internet.  It's an easy problem to fix, but it raises the question:  Are your servers password protected?
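One way to answer that question for ElasticSearch servers you operate, as an added example that is not part of the original post: send a single request with no credentials and see whether the server answers. The function names, the sample replies and the usage address are constructed for illustration, and the check assumes the server's root endpoint returns a JSON document containing `cluster_name`, as ElasticSearch does.

```python
import json
import sys
import urllib.error
import urllib.request

def classify(status, body):
    """Turn the reply to an unauthenticated GET / into a verdict."""
    if status in (401, 403):
        return "auth-required"          # credentials are being enforced
    if status != 200:
        return "inconclusive"
    try:
        info = json.loads(body)
    except ValueError:
        return "not-elasticsearch"
    # An ElasticSearch root document is a JSON object with "cluster_name".
    if isinstance(info, dict) and "cluster_name" in info:
        return "OPEN"                   # answered without any password
    return "not-elasticsearch"

def probe(base_url, timeout=5):
    """Send one GET / with no credentials to a server you operate."""
    url = base_url.rstrip("/") + "/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, "")
    except OSError:                         # refused, timed out, DNS or TLS failure
        return "unreachable"

# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "no password": (200, '{"name":"node-1","cluster_name":"demo"}'),
    "password set": (401, '{"error":"missing authentication credentials"}'),
    "other web app": (200, "<html>hello</html>"),
}

def demo():
    """Classify the constructed replies above, offline."""
    return {label: classify(*reply) for label, reply in SAMPLES.items()}

if __name__ == "__main__":
    # Usage: python es_open_check.py http://10.0.0.5:9200   (your own hosts)
    for target in sys.argv[1:]:
        print(target, probe(target))
    if len(sys.argv) == 1:
        print(demo())
```

Any host that comes back `OPEN` should have authentication turned on and be taken off the public internet.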
