A British Security Company Leaks Five Billion Records Online (Update)

  • A UK security firm has exposed 5.5 billion records online via an unprotected database.
  • The data concern known and previously disclosed leaks that were used for security purposes.
  • This incident still could have given actors the opportunity to steal "cleaned" and organized dumps.

Researcher Bob Diachenko has found yet another unprotected Elasticsearch instance online, containing a collection of reported data breaches. In total, the leaking database contained more than five billion records laid out in a well-structured form, with the cluster having two collections given the name “leaks_v1” and “leaks_v2”. So, it appears the company that managed the database had collected these records from security incidents that occurred between 2012 and 2019, then organized the data, and stored it for their own purposes. The main problem here is that the security firm leaked the data again, and these records were reintroduced online in a form that hackers would celebrate to have.

The owner of the database is a British security company dealing with threat intelligence, incident response, and phishing simulation. The database was first indexed on March 15, 2020, and Diachenko found it a day after. He alerted the company immediately, but they did not respond quickly to acknowledge the incident. Still, the database went offline within an hour following the notification, so the impact of the re-exposure was at least kept to a minimum.

The types of data that was included in each data entry were the following:

  • hashtype (the way a password was presented: MD5/hash/plaintext etc.)
  • leak date (year)
  • password (hashed, encrypted or plaintext, depending on the leak)
  • email
  • email domain
  • source of the leak

database_entries
Source: Security Discovery

The most prominent sources of leak that the researcher could confirm by analyzing the data were: Adobe, Last.fm, Twitter, LinkedIn, Tumblr, and VK. It is almost certain that there are more notable leak sources in there, but analyzing 5.5 billion records isn’t exactly a walk in the park. That is especially the case when one of the collections, “leaks_v2”, was updated in real-time, being fed with more data from leaks that occur. Possibly, the security company is monitoring dark web marketplaces and forums, grabbing dumps, and adding them to their database. Hopefully, they do it for research, reporting, and protection purposes. Allegedly, no customer data had been exposed or breached.

Although the firm maintains an active presence on social media, they have made no statements about the discovery. There’s an ample amount of irony going on here, as a security firm should know better when it comes to protecting Elasticsearch instances. Even if the exposed information isn't fresh, re-leaking it in a very usable form is a mistake that we would expect a different kind of entity to do.

REVIEW OVERVIEW

Latest

How to Watch Rooms We Love Online From Anywhere

A new lovely series focusing on beautiful houses and great interior designers is set to soon premiere, this time with an emphasis...

How to Watch Elizabeth: A Portrait in Parts Online From Anywhere – Stream the Queen Elizabeth II Documentary

Elizabeth: A Portrait in Part(s) is a documentary on the life of Queen Elizabeth II, the longest-lived, longest-reigning British monarch and longest-serving...

How to Watch Shoresy Online From Anywhere: Stream the Letterkenny Spin-Off Series

Shoresy is the foul-mouthed, chirp-serving, mother-loving, fan-favorite character, and this show sees him join a senior AAA hockey team in Sudbury on...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari