Threat Watch

Mastodon User Information Being Exposed on Elasticsearch Server

User information for the open-source social networking software Mastodon is currently being exposed by an active Elasticsearch server that is not associated with the software. The server is scraping posts and public account information and over 150,000 Mastodon users have been affected thus far. Security researcher Anurag Sen discovered the server on November 15th and said he was unsure how long it had been operating and collecting data. Affected information includes account names, display names, profile pictures, following count, follower count, and last status update. Since the owner of the server is unknown at this time, the number of users who are affected will likely increase.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

At this time, email addresses and passwords of Mastodon users have not been affected. This could change in the future depending on the server owner’s intent and capability. Mastodon users should remain vigilant and cautious about what they post on the platform.

https://www.hackread.com/leaky-server-mastodon-users-data

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support