This article has been indexed from Softpedia News / Security
Elasticsearch’s database was improperly configured and left unsecured, with no authentication whatsoever, making it easily accessible by a threat actor who just had to enter a valid URL in a browser, according to Hack Read.
Comparitech’s report revealed information about an unsecured marketing database that exposed personal data of 35 million U.S. citizens in Los Angeles, San Diego, and Chicago. The database’s ownership is unknown at this time. The report points out that the information was gathered over a period of 11 years, from the beginning of 2010 and May this year.
The Elasticsearch database was not password-protected, making it available to anyone who had a web browser and wanted to look up the information. Bob Diachenko, the Head of Securit…
Read the original article: Unsecured Database Exposes Personal Data of 35M U.S. Citizens