More than 3.8 billion records have been exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.
The leak was discovered on September 18 by CEO of cyber security news site SecurityDiscovery, Bob Diachenko, who alerted DarkBeam to the leak. The digital protection firm immediately addressed the vulnerability and closed the leak after being alerted to the fact.
DarkBeam had been collecting the data to alert its customers in the case of a data breach, meaning the data exposed was data already leaked in prior cyber attacks. Of the data leaked, there were 16 collections named ‘email 0-9′ and ‘email A-F’ which represented 239,635,000 pairs of login credentials.
A sample of the leaked data. Source: SecurityDiscovery.
The data leak was caused by leaving a Elasticsearch and Kibana data visualization interface unportected, allowing access to the confidential data held within it. Speaking to cyber security site Cybernews about the data leak, Dianchenko noted that data leaks like this are usually down to “human error”, for example employees forgetting to password-protect data after maintenance is done.
DarkBeam has not yet publicly addressed the situation.