- UpGuard finds an unprotected Elasticsearch instance that belongs to Leak Zone
- The instance contained millions of IP addresses
- Leak Zone is a known underground forum with a large number of users
In a moment of poetic irony, an underground “leaking and cracking forum” exposed the IP addresses of all its logged-in users, essentially revealing them to everyone: security researchers, rival criminals and, especially, law enforcement.
UpGuard security researchers found an exposed Elasticsearch database available to anyone who knew where to look. Deeper analysis determined that the database belonged to Leak Zone, an underground forum where cyber criminals advertise and share stolen archives, credentials and software.
It contained more than 22 million records: IP addresses and precise timestamps of when each user logged in. The data is also quite fresh, with the archive apparently updated in real time, and each record indicates whether the user may have logged in through an anonymization tool, such as a proxy or a VPN.
Exposed instances – everywhere
It is impossible to say how long the archive remained open and if anyone discovered it before Upguard did.
We also do not know how many people were exposed in this incident, but allegedly the forum has approx. 100,000 members. In any case, the database has since been locked down and is no longer accessible.
The researchers also could not determine why the database was exposed.
Usually it comes down to human error: administrators simply forget to set a password or to encrypt the data. In fact, exposed databases continue to be the leading cause of data leaks, among legitimate and illegitimate organizations alike.
For years, researchers have warned that the cloud works on a shared responsibility model, something many teams do not seem to be aware of.
Some companies believe that protecting the cloud infrastructure is solely the task of the service provider, leaving the back door open to cyber criminals.
Via TechCrunch



