
ElasticSearch Database Leads to Data Breach

Author: Sonrai Security Marketing | Date: May 23, 2019
Read Time: 2 minutes
Skill Level: Learner

A popular job recruitment database accidentally leaked 13 million records late last year. The leaked data contained user names, addresses, emails, phone numbers and employment histories. User preferences were also exposed: previous jobs, salaries, desired industries, and more. If that wasn’t frightening enough, the data was stored on an AWS-hosted ElasticSearch database without any password protection.

Unfortunately, misconfiguring a cloud database or storage container can have massive consequences. The lack of password protection effectively allows anyone and everyone to view the data. Luckily for this job site, the leak was found by a very diligent member of the non-profit GDI foundation. Data leaks due to misconfiguration have become increasingly common as more and more companies shift to the cloud. This is a case of a simple human error, forgetting to password protect the database, leading to devastating consequences.

Based on what happened, it can be assumed that a developer tweaked the configuration to fix a bug and, when the application began working, simply moved on and forgot to password protect the ElasticSearch server. It is commonplace for attackers to hyperfocus on organizations issuing new rollouts. Enterprises can protect themselves by taking advantage of cloud-native capabilities to help combat human error and mistakes such as this, but these tools aren't always enough.

Employee education is a top priority when dealing with secure cloud data. Making sure every employee on the team knows which aspects of the cloud fall under their responsibility is crucial to a successful and secure operation. Due diligence around unauthorized access, using the right tools to manage access policies, and being consistent are key to mitigating risk. One of the main concerns with the exposed records in this situation is that the exposure was discovered by GDI and not by the company itself. With such a large presence on the cloud, the company should have a security protocol and best practices in place to detect identity and data drift. This helps in gaining end-to-end visibility into the environment so that situations like this can be spotted and remedied quickly.

Exposed data due to misconfiguration is becoming all too common. As companies scale and expand their cloud presence, it is important to ensure the proper tools and training are in place.

Learn more about this ElasticSearch data breach on TechCrunch. 
