Login

Register

Login

Register


A London-based cybersecurity vendor appears to have leaked a massive database of previously breached user information dating back seven years.

Researcher Bob Diachenko found the unsecured Elasticsearch instance on March 15. It contained two collections, one with 15 million records updating in real-time, and another containing nearly 5.1 billion.

He claimed the data was well structured and featured hash type, leak date, password, email, email domain and source of the original breach. Passwords were hashed, encrypted and/or in plain text depending on the incident in question.

The data spanned several years of breaches, from 2012 to last year, and apparently included some notable scalps such as Adobe, Last.fm, Twitter, LinkedIn, Tumblr and VK.

According to Diachenko, the SSL certificate and reverse DNS record check revealed that the publicly available Elasticsearch instance was managed by UK security vendor Keepnet Labs.

Although the firm apparently didn’t reply to his initial security alert, the database was secured just an hour after it was sent.

“Even though most of the data seems to be collected from previously known sources, such large and structured collection of data would pose a clear risk to people whose data was exposed. An identity thief or phishing actor couldn’t ask for a better payload,” argued Diachenko.

“Fraudsters might target affected people with scams and phishing campaigns, using their personal information to craft targeted messages.”

Major data leaks of this sort are becoming increasingly common, as configuration errors lead to unintended consequences.

In November last year, Diachenko and researcher Vinny Troia discovered an exposed Elasticsearch server containing personal information on over one billion consumers harvested by two data enrichment firms.

A month later, a massive 890GB database containing over one million highly sensitive web browsing records was leaked by a South African IT company.

Also in December 2019, Diachenko found an unsecured Elasticsearch database containing over one billion “combo” lists of breached passwords and emails.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW