ElasticSearch Database Leads to Data Breach


A popular job recruitment database accidentally leaked 13 million records late last year. The leaked data contained user names, addresses, emails, phone numbers and employment histories. User preferences were also exposed: previous jobs, salaries, desired industries, and more. If that wasn’t frightening enough, the data was stored on an AWS-hosted ElasticSearch database without any password protection.

Unfortunately, misconfiguring a cloud database or storage container can have massive consequences. The lack of password protection effectively allows anyone and everyone to view the data. Luckily for this job site, the leak was found by a very diligent member of the non-profit GDI Foundation. Data leaks due to misconfiguration have become increasingly common as more and more companies shift to the cloud. This is a case of a simple human error, forgetting to password-protect the database, leading to devastating consequences.

Based on what happened, it can be assumed that a developer tweaked the configuration to fix a bug and, when the application began working, simply moved on and forgot to password-protect the ElasticSearch server. It is commonplace for attackers to focus closely on organizations issuing new rollouts. Enterprises can protect themselves by taking advantage of cloud-native capabilities that help combat human error and mistakes such as this, but these tools aren’t always enough.

Employee education is a top priority when dealing with secure cloud data. Making sure every employee on the team knows which aspects of the cloud fall under their responsibility is crucial to a successful and secure operation. Due diligence against unauthorized access, using the right tools to manage access policies, and being consistent are key to mitigating risk. One of the main concerns with the exposed records in this situation is that the exposure was discovered by GDI and not by the company itself. With such a large presence in the cloud, the company should have a security protocol and best practices in place to detect identity and data drift. This helps in gaining end-to-end visibility into the environment so that situations like this can be spotted and remedied quickly.

Exposed data due to misconfiguration is becoming all too common. As companies scale and expand their cloud presence, it is important to ensure the proper tools and training are in place.

Learn more about this ElasticSearch data breach on TechCrunch.