Last autumn, a private database appeared on the internet. Hacken’s specialists did not identify the source of the leak, but after conducting an audit of unprotected storage facilities, they assumed that the bases were compromised by a Canadian company. The company has not commented.
The ElasticSearch server was not password protected and contained more than 73 GB of data. This is not the first case of leakage of confidential information through open ElasticSearch servers. The head of cybersecurity research at Hacken believes that hackers are constantly scanning the web with the help of the search engine Shodan.
Any user could access the following information:
• full name;
• email;
• phone number;
• address;
• professional skills;
• places of work;
• IP address.
It is worth noting that copying and saving information from a public profile is not prohibited by law. The attackers could use the data to search for users in other databases, as well as to conduct phishing attacks which the victim could not recognize. Today, this personal data is no longer available online.