Start Locking Down Your Elasticsearch Servers!!

As per David Baldacci “small mistakes tend to large ones. Ours is a lifetime appointment, and all you have is your reputation. Once it’s gone, it doesn’t come back”. In more precise and straightforward words, it means that a small mistake made by a company can ultimately lead to a substantial loss to them, which could be in the form of both monetary and non-monetary terms. For instance, recently, Cyble identified a data breach of the website “schoolcentre.com.au” due to an open ELK server which led to the exposure of over 2.16 million records of Australians.

Personal User Records of School Centre exposed via open ELK Server

Along with it, recently Blisk a well-known browser vendor also left its Elasticsearch server exposed online without a password which ultimately led to the exposure of around 2.9 million personal user records amounting for 3.4 GB of data. Talking about security breaches, till now, Cyble has uncovered more than 30.000 unreported data breaches which have affected more than 500 million accounts. Just recently, as per Blisk, its browser is used by more than 40000 companies which include some of the big companies such as NASA, HP, Deloitte, HP, and Xerox. So, in a way we can see that just because of a small mistake made by the Blisk company, it ultimately affected the personal records of such big companies.

Exposed Personal Details which includes email addresses and user-agent strings

In a recent report shared with ZDNet, the vpnMentor researchers Noam Rotem and Ran Locar stated that thousands of web developers all over the world were made vulnerable to online attacks and frauds due to the leakage of their details on Internet just because Blisk left an Elasticsearch server exposed online without the need of password to authenticate it. As per the online reports it is being discovered that overall the entire exposed or leaked data online could be used to target developers working for big private companies and develop malware based on the company’s user-agent strings which is a big concern for those companies at this point of time.

Not only that, but this leakage of sensitive information has affected Blisk users all across the globe. These types of information leakage not only affect the companies in monetary terms but also in non-monetary terms such as harming the company’s goodwill, affecting their customers and many more. Taking these points into consideration all the companies irrespective of their size should be focused on making themselves secure from such attacks or incidents.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.

THIS POST HAS BEEN EXPORTED FROM OUR MEDIUM CHANNEL