Billions of user records, combinations of usernames and passwords compromised in earlier data breaches, were left unprotected in an online database, available to anyone who knew where to look.
This is according to a new report from Cybernews, citing CEO of SecurityDiscovery, Bob Diachenko. Apparently, a digital risk protection firm called DarkBeam was collecting credentials stolen in both reported and non-reported data breaches, to notify the affected individuals. But the database was easy to find, it seems, with a little help from Elasticsearch and Kibana (a database system and a specialized search engine).
Diachenko found a database containing more than 3.8 billion records. Soon afterward, he contacted DarkBeam, which quickly locked the doors and protected the database. There’s no word on whether any threat actors found the database before the researchers, though.
Identity theft galore
The database contained, among other things, 16 collections named “email 0-9” and “email A-F”, each holding almost 240 million records. It seems to have been well organized, and if any hackers had obtained it, they would have gotten a treasure trove of sensitive data, perfect for phishing, identity theft, wire fraud, and other cybercriminal activity.
Exposed databases are mostly the result of human error, but they’re also one of the most common kinds of data leak. Throughout the years there have been countless such events including, most recently, an unlocked Microsoft Azure cloud storage database that hosted sensitive information on hundreds of people. That database, which belonged to Microsoft’s researchers working on Artificial Intelligence, held private keys and passwords. The good news is that the database was locked before any hackers could get to it.
The database was discovered by cybersecurity researchers from Wiz, who said they found a Microsoft GitHub repository with open-source code for AI models to be used for image recognition. The models were hosted on an Azure Storage URL, but due to obvious human error, the storage also held data that no one should have access to.
A 2021 IBM report found that 19% of data breaches happen because IT teams fail to properly protect the assets found within their cloud infrastructure.