- Security researchers have found an Elasticsearch index with millions of entries
- The database contained personal information on millions of Georgians
- He was traced to an unnamed German cloud supplier
A German Cloud service provider has involuntarily exposed sensitive data on probably the whole population of Georgia, say the safety researchers.
Cybersecurity expert Bob Dyachenko, from Securitydiscovery.com, said recently discovered an Elasticsearch index protected by cycle words containing a “wide range of sensitive personal details” belonging to the Georgians. The index hosted two indices, one with almost five million personal data records and another with more than seven million.
Given that the whole population of Georgia has less than four million people, it is sure to assume that even with many double entries, all its citizens could be at risk of identity, phishing, etc.
Leak
The archives contained identification numbers for people, complete names, birth dates, sexes, telephone numbers and other sensitive information.
“The data seems to have been collected or aggregated from several sources, including potentially government or commercial data and number identification services,” said Dyachenko.
The researchers traced the body to a server belonging to a German cloud service provider. The researchers did not appoint the company and said that the server had been released “shortly after the discovery”. It was not clear if the company was informed of the leak. Therefore, we also do not know if threat actors have found the archives in the meantime and if the data had been exfiltrated elsewhere.
“Without clarity on data ownership, the appeal for affected people is limited and it remains difficult to apply data protection laws or request responsibility,” said the researcher. “This leak highlights the complexities of protection and cross -border data regulations.”
Via Cyberness
