Exposed Elasticsearch Database Compromises Data on 8M People

  /     /     /  
Publicated : 23/11/2024   Category : security


Exposed Elasticsearch Database Compromises Data on 8M People


Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.



Another day, another unsecured database. An unprotected Elasticsearch database exposed information belonging to eight million people in the United States who submitted their personal details as part of online sweepstakes entries, surveys, and free product sample requests.
Survey websites typically offer samples, prizes, or contest entries in exchange for personal data thats later used in marketing campaigns, BleepingComputer reports. The information collected by one organization was kept in an Elasticsearch database, which was found unprotected by security researcher Sanyam Jain. It contained data including the full names, physical and email addresses, phone numbers, birthdates, gender, and IP addresses of individuals who entered their info on survey sites.
Further investigation by Jain showed the site belonged to PathEvolution, an online marketing firm owned by Ifficient, another marketing company. Ifficient secured the database when contacted by Amazon, which Jain reached out to when contacting PathEvolution proved difficult. The business says it doesnt capture or store social security numbers, drivers license numbers, state ID numbers, or financial account or payment card numbers in its database.
Ifficient also reports that due to a high number of duplicate records, the amount of records affected is lower than the 130 million that Jain saw in the Elasticsearch database.
Read more details
here
.
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Exposed Elasticsearch Database Compromises Data on 8M People