- UpGuard finds an unprotected Elasticsearch instance belonging to the leak area
- The database contained millions of IP addresses
- The leak area is a known underground forum with a large number of users
In a moment of poetic irony, an “underground leakage and cracking forum” exposed the IP addresses of all its logged-in users to essentially everyone – security researchers, rival criminals and, above all, law enforcement.
UpGuard security researchers found an exposed Elasticsearch database, accessible to anyone who knew where to look. A more in-depth analysis determined that the database belonged to the leak area, an underground forum where cybercriminals advertise and share archives, credentials and stolen software.
It contained more than 22 million records – IP addresses and the precise timestamps of the moment each user logged in.
Exposed instances – everywhere
It is impossible to say how long the archives remained open, or whether anyone discovered them before UpGuard did.
We also do not know how many people were exposed in this incident, but the forum has around 100,000 members. In any case, the database has since been locked down and is no longer accessible.
The researchers were not able to determine the cause of the database exposure either.
Usually, it is due to human error – the administrators simply forget to set a password or to otherwise encrypt it. In fact, exposed databases continue to be the main cause of data leaks – among legitimate and illegal organizations alike.
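The usual misconfiguration described above can be caught by auditing `elasticsearch.yml` before a node goes live. The following check is an added example, not code from the article or from UpGuard; the sample configurations are constructed, and it assumes the flat dotted-key form of the file and treats a missing `xpack.security.enabled` as disabled (the default before Elasticsearch 8.0).

```python
import ipaddress

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' form of elasticsearch.yml (assumption: no nesting)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)          # split once so IPv6 values survive
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames, lists and values like _site_ are treated as reachable

def audit(text):
    """Return a list of finding codes; an empty list means no finding."""
    cfg = parse_flat_yaml(text)
    # http.host overrides network.host for the REST API; the default is loopback only.
    host = cfg.get("http.host", cfg.get("network.host", "_local_"))
    auth = cfg.get("xpack.security.enabled", "false").lower() == "true"
    tls = cfg.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    findings = []
    if not auth:
        findings.append("auth-disabled")
    if not tls:
        findings.append("http-tls-disabled")
    if not auth and not is_loopback(host):
        findings.append("open-to-network-without-auth")  # the exposure in this story
    return findings

# Constructed sample configurations, not taken from any real deployment.
WEAK = """
cluster.name: example-logs   # constructed
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """
network.host: 127.0.0.1
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```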
For years, researchers have warned that the cloud operates on a shared responsibility model – something that many IT teams do not seem to be aware of.
Some companies believe that securing the cloud infrastructure is the task of the service provider – leaving the back door wide open to cybercriminals.
Via TechCrunch