While most security breaches or data leak incidents involve new data, the recent event has exposed already breached data. As revealed, a UK-based security firm Keepnet Labs has left a database exposed online that leaked over 5 billion records.
Keepnet Labs Data Leaked
Reportedly, security researcher Bob Diachenko has discovered another leaky Elasticsearch database. While that is nothing new, what makes the current findings peculiar is that this leaky database belonged to a security firm.
Specifically, the unprotected database linked back to a UK-based security company Keepnet Labs, which leaked the data publicly. Diachenko could identify the owner of the database through their SSL certificate and reverse DNS.
Ironically, the breached data included previously breached records spanning seven years (2012-2019). The researcher could view two different collections in the cluster; leaks_v1, with 5,088,635,374 records, and leaks_v2 with over 15 million records. He deemed the data ‘well-structured’ that included emails, email domains, passwords, and their hash types, year of the data leak, and the source. Some of the prominent sources included Twitter, LinkedIn, Adobe, Last.fm, Tumblr, and VK.
Database Now Offline
Upon finding the leaky database, the researcher traced the owners and alerted them of the matter. Fortunately, the database went offline within one hour of the report. However, he didn’t hear back from the firm.
While the database is now offline, the structured information of already exposed data posed a significant threat to the individuals. Perhaps, it becomes much easier for any perpetrator to exploit such explicit and structured information for malicious activities such as scams and phishing attacks.
Recently, the vendors behind the Blisk browser, tailored for developers, also left 2.9 million records online on an unsecured Elasticsearch database. Around the same time, Aerial Direct, the largest UK partner of telecom firm O2 also suffered a security breach exposing the information of thousands of customers spanning six years.
Let us know your thoughts in the comments.