- Security researchers found an Elasticsearch index with millions of entries
- The database contained personal information on millions of Georgians
- It was traced back to an unnamed German cloud provider
A German cloud service provider has unintentionally exposed sensitive data on probably the entire population of Georgia, security researchers are saying.
Cybersecurity expert Bob Dyachenko, of SecurityDiscovery.com said they recently discovered an non-password-protected Elasticsearch index containing a “wide range of sensitive personal details” belonging to Georgians. The index hosted two indices, one with almost five million personal data records, and another with more than seven million.
Given that the entire population of Georgia counts less than four million people, it’s safe to assume that even with numerous duplicate entries, all of its citizens could be at risk of identity theft, phishing, and more.
Shutting down the leak
The archives contained people’s ID numbers, full names, birth dates, genders, phone numbers, and other sensitive information.
“The data appears to have been collected or aggregated from multiple sources, potentially including governmental or commercial data sets and number identification services,” Dyachenko said.
The researchers traced the instance back to a server owned by a German cloud service provider. The researchers did not name the company, and said that the server was taken offline “shortly after discovery”. It was left unclear if the company was notified of the leak. Therefore, we also don’t know if any threat actors found the archives in the meantime, and if the data had been exfiltrated elsewhere.
“Without clarity on data ownership, recourse for affected individuals is limited, and it remains challenging to enforce data protection laws or seek accountability,” the researcher said. “This leak highlights the complexities of cross-border data protection and regulation.”
Via Cybernews
You might also like
- Huge data breach exposes over 600,000 records, including background checks, vehicle, and property records
- Here's a list of the best antivirus tools on offer
- These are the best endpoint protection tools right now
