Exposed Elasticsearch Database Compromises Data on 8M People
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Another day, another unsecured database. An unprotected Elasticsearch database exposed information belonging to eight million people in the United States who submitted their personal details as part of online sweepstakes entries, surveys, and free product sample requests.
Survey websites typically offer samples, prizes, or contest entries in exchange for personal data that's later used in marketing campaigns, BleepingComputer reports. The information collected by one organization was kept in an Elasticsearch database, which was found unprotected by security researcher Sanyam Jain. It contained data including the full names, physical and email addresses, phone numbers, birthdates, gender, and IP addresses of individuals who entered their info on survey sites.
Further investigation by Jain showed the site belonged to PathEvolution, an online marketing firm owned by Ifficient, another marketing company. Ifficient secured the database when contacted by Amazon, which Jain reached out to when contacting PathEvolution proved difficult. The business says it doesn't capture or store social security numbers, drivers license numbers, state ID numbers, or financial account or payment card numbers in its database.
Ifficient also reports that due to a high number of duplicate records, the amount of records affected is lower than the 130 million that Jain saw in the Elasticsearch database.
Read more details here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author
You May Also Like