In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records which were collected using data analysis software developed by SnowPlow Analytics.
Website Planet computer security researchers have identified two exposed ElasticSearch servers belonging to an anonymous organization using open-source data analysis software developed by London, England-based software provider SnowPlow Analytics.
This software allows companies to track and store information about visitors to their site(s) seemingly without their knowledge. It should be noted that a web analytics tool can collect versatile data metrics. The data is then used to create a comprehensive and detailed profile of site visitors.
Case of misconfigured ElasticSearch servers
According to the researchers, the two ElasticSearch servers had no user encryption or authentication measures in place, meaning anyone could have accessed the data without needing a password.
The insecure and misconfigured servers ultimately exposed 359,019,902 records, which equates to approximately 579.4 GB of data. The exposed servers contained detailed web user traffic logs, including the following.
- Reference page
- Timestamp IP
- Geolocation data
- Web page visited
- User-agent data of website visitors
Details of exposed data
According to the Website Planet blog post published last week, both servers contained user data for two months in 2021. The first server included data from September 2021 with 242,728,328 records or 389.7 GB of data collected between September 2, 2021 and October 1, 2021.
The second server contained data from December 2021 comprising 116,291,574 records or 189.7 GB of data collected between December 1, 2021 and December 27, 2021.
Fifteen million users potentially affected
The research team further noted that around 4-100 user records appear on the two servers, and given that there are multiple logs for each user, this exposure could affect at least 15 million people.
It should be noted that the exposed data may allow attackers to locate people using server logs of user profiles and filter users by their IP addresses. This means that the leaked information may allow attackers to obtain detailed details about each user’s digital journey, such as web browsing preferences and other activities.
Additionally, the servers were up and actively updating new information at the time it was discovered. However, neither ElasticSearch nor SnowPlow Analytics are responsible for this exposure because the company that owns the misconfigured servers is at fault.
Data exposure can have a huge impact as users around the world are impacted by this exposure. However, it is unclear whether the servers were accessed by a third party with malicious intent or not.
However, at the time of this article’s publication, the two exposed servers were secure after Website Planet sent alerts to the relevant authorities.
More news about ElasticSearch servers
- US and China Exposed Most Databases in 2021
- The Telegraph newspaper unveiled 10TB of subscriber data
- Leaked Database Exposes Fake Amazon Product Reviews
- US government’s secret terrorist watch list with 2 million records exposed online
- Stripchat database mess exposes 200 million adult cam models and user data