"Elasticsearch Server With No Password or Encryption Leaks a Million Records"

Researchers at the security product recommendation service Safety Detectives reported discovering data on nearly a million customers exposed on an Elasticsearch server run by the Malaysian point-of-sale (POS) software vendor StoreHub. According to Safety Detectives, the StoreHub server stored unencrypted data and was not password protected. Therefore, the security researchers were able to infiltrate and access 1.7 billion records totaling more than a terabyte, describing the affairs of almost a million people. Safety Detectives noted that the exposed data included full names, phone numbers, physical addresses, email addresses, and device types. Customers' orders, as well as the locations from which they ordered and the times at which they ordered, were all exposed. Order details were found to contain partially masked credit card information. Information pertaining to StoreHub's staff was also exposed. This article continues to discuss the exposure of data stored on StoreHub's Elasticsearch server.

The Register reports "Elasticsearch Server With No Password or Encryption Leaks a Million Records"