Brazilian TV Provider, Sky, Suffers Data Breach

After leaving one of its ElasticSearch servers without a password, Sky has exposed the data of thirty-two million customers in a massive breach. It is unknown how long the server was exposed, but it is believed to have been indexed since October. The server held 28.7GB of log files and 429GB of API data covering both personal and business customers. Names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords were all viewable. The server is now password-protected, although the data had already been indexed. In the past few months ElasticSearch has repeatedly been flagged because of the number of leaks and breaches involving unprotected servers. Even though ElasticSearch servers are designed to be used only on internal networks, there are ways they could better accommodate a broader spectrum of uses.

Analyst Notes

Organizations running ElasticSearch are strongly advised to back up their data to a more secure location. They should also run ElasticSearch on a non-routable (internal-only) network, or at minimum restrict access to the cluster from the Internet by means of a firewall, VPN, or authenticating reverse proxy, among other controls.
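The two conditions behind this kind of exposure are a bind address reachable from outside the internal network and authentication left switched off. The following added example (not code from the article or from Elastic) checks a flat elasticsearch.yml for both; the weak and hardened sample configs, the cluster name and the 10.20.0.15 address are constructed, and an unset xpack.security.enabled is treated as disabled.

```python
import ipaddress

# Constructed sample configs (not the breached server's): weak vs hardened.
WEAK_CONFIG = """\
cluster.name: tv-logs
network.host: 0.0.0.0            # listens on every interface
xpack.security.enabled: false    # anyone who can reach :9200 can read indices
"""

HARDENED_CONFIG = """\
cluster.name: tv-logs
network.host: 10.20.0.15         # RFC1918 address on the internal network only
xpack.security.enabled: true     # require credentials on the HTTP API
"""

def parse_flat_yaml(text):
    """Parse top-level 'key: value' lines with comments stripped (no lists/nesting)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def bind_exposure(host):
    """Classify network.host as 'loopback', 'private' or 'public'; unknown names fail closed."""
    special = {"_local_": "loopback", "localhost": "loopback", "_site_": "private",
               "_global_": "public", "0.0.0.0": "public", "::": "public"}
    if host in special:
        return special[host]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "public"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"

def audit(config_text):
    """Return a list of findings; an empty list means neither exposure condition holds."""
    s = parse_flat_yaml(config_text)
    findings = []
    host = s.get("network.host", "_local_")   # Elasticsearch binds loopback by default
    if bind_exposure(host) == "public":
        findings.append(f"network.host={host} is reachable beyond the internal network")
    if s.get("xpack.security.enabled", "false").lower() != "true":
        findings.append("xpack.security.enabled is not true: no authentication on :9200")
    return findings
```

A private bind address passes this check only because the Analyst Notes accept a non-routable network as a control; it does not verify that a firewall or reverse proxy is actually in front of the port.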