User information for the open-source social networking software Mastodon is currently being exposed by an active Elasticsearch server that is not associated with the software. The server is scraping posts and public account information and over 150,000 Mastodon users have been affected thus far. Security researcher Anurag Sen discovered the server on November 15th and said he was unsure how long it had been operating and collecting data. Affected information includes account names, display names, profile pictures, following count, follower count, and last status update. Since the owner of the server is unknown at this time, the number of users who are affected will likely increase.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in