Bob Diachenko from Comparitech discovered an unprotected Elasticsearch database that was exposing information from residents in Chicago, San Diego, and Los Angeles and was accessible for a month. The database included information from around 35 million people that was gathered between 2010 and May of 2021 and simply required a web browser and a valid URL to access it. An owner of the database could not be identified but it’s believed that a marketing company may have left the information exposed. The server where the database was located was hosted by Amazon Web Services and since a proper owner could not be identified, Amazon stepped in and took the server down. Prior to the server being no longer accessible, information like gender, full names, ethnicities, dates of birth, marital status, email addresses, contact information, residential addresses, assets, shopping habits, media preferences, pet ownership details, hobbies, interests, estimated income, and net worth could be found.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased