InfoSecurity Magazine: Office Depot Europe Configuration Error Exposes One Million Records. “Among the 974,000 unencrypted records found in the database were customer names, phone numbers, home and office addresses, @members.ebay addresses, marketplace logs, order histories and hashed passwords.”
InfoSecurity Magazine: Forex Broker Leaks Billions of Customer Records Online. “Over 20TB of sensitive customer data has been accidentally leaked online by a popular online trading broker, after it misconfigured a cloud database. Researchers at reviews site WizCase spotted the Elasticsearch server left wide open without any encryption or password protection.”
InfoSecurity: Webmaster Portal Leaks 63 Million Records. “Back in July, researchers at WebsitePlanet teamed up with Jeremiah Fowler to discover an Elasticsearch database belonging to Digital Planet that was left online without password protection, exposing nearly 63 million records. These included emails, names, internal user ID numbers, internal records and user posts related to 863,412 users of the site.”
InfoSecurity Magazine: Cosmetics Giant Avon Leaks 19 Million Records. “A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.”
The Register: Time to check who left their database open and leaked 7.5m customer records: Hi there, Adobe Creative Cloud!
The Register: Time to check who left their database open and leaked 7.5m customer records: Hi there, Adobe Creative Cloud!. “Adobe has pulled offline a public-facing poorly secured Elasticsearch database containing information on 7.5 million Creative Cloud customers. The cloud-based silo was uncovered by infosec detective Bob Diachenko, who reported it to Adobe last week.”
SC Magazine: Exposed server leaks PII on all 16.6 million Ecuador citizens. “If another leaky Elasticsearch server may seem a little anticlimactic, considering how frequently they occur, the latest find by security researchers might have more of a ‘wow’ factor since it exposed information on nearly all of Ecuador’s 16.6 million citizens, 6.7 million of them children.”
Computing: Honda’s unsecured database exposes 134 million documents with 40GB worth of information. “An unsecured Elasticsearch database belonging to Honda Motor Company was found exposing sensitive information about the company’s internal systems and device data.”