A misconfigured Elasticsearch server holding 1.12 terabytes of data was leaking more than 6 billion records to the public internet without any authentication or password. The server, apparently operated from Russia or a Russian-speaking country, contained detailed records collected through data breaches, website scraping and other sources before it was taken offline.
This was revealed exclusively to Hackread.com by independent cybersecurity researcher Anurag Sen, who first spotted the exposed server. It remains unclear how long the data was exposed.
The screenshot below shows details of the exposed Elasticsearch server. The server's index information revealed a total size of 1.12 terabytes containing over 6.19 billion records, confirming the scale of the exposure. Sensitive server identifiers have been redacted for security reasons.
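The index totals quoted above are exactly what an unauthenticated request to the Elasticsearch `_cat/indices` API hands back. The following Python script is an added example, not code from the article or from the researcher: it audits a single node by requesting the index listing with no credentials, classifies the HTTP result (200 means the listing is open to anyone, 401 means authentication is enforced), and sums document counts and on-disk bytes across the returned indices. The endpoint paths and JSON keys are the public Elasticsearch REST API; the node address 203.0.113.10, the index names and the counts in the sample response are constructed for the example (the numbers are chosen to mirror the scale reported in the article, not copied from the real server).

```python
"""Audit an Elasticsearch node for unauthenticated index exposure.

Added example (not the article's or the researcher's code). Assumes only the
documented public endpoint GET /_cat/indices?format=json&bytes=b. The sample
response below is constructed; nothing here is taken from the real server.
"""
import json
import urllib.request
from urllib.error import HTTPError, URLError

# Constructed sample of an open node's answer to /_cat/indices?format=json&bytes=b.
# Index names and figures are invented for the example; the totals add up to
# 6.19 billion documents and 1.12 TB to match the scale the article reports.
SAMPLE_CAT_INDICES = [
    {"health": "green", "status": "open", "index": "bank_records_ua",
     "docs.count": "4200000000", "store.size": "700000000000"},
    {"health": "yellow", "status": "open", "index": "scraped_profiles",
     "docs.count": "1990000000", "store.size": "420000000000"},
    {"health": "green", "status": "open", "index": ".kibana_1",
     "docs.count": "12", "store.size": "40960"},
]
SAMPLE_BODY = json.dumps(SAMPLE_CAT_INDICES)


def http_get(url, timeout=5):
    """Plain GET with no credentials. Returns (status, body); status is None
    when the host is unreachable. Real network helper, not used offline."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")
    except URLError:
        return None, ""


def sample_fetch(url):
    """Offline stand-in for http_get that replays the constructed sample."""
    return 200, SAMPLE_BODY


def summarize_indices(rows):
    """Sum docs.count and store.size over the rows of the _cat/indices JSON,
    skipping dot-prefixed system indices so totals reflect user data only."""
    if not isinstance(rows, list):
        raise TypeError("expected a JSON array of index rows")
    total_docs, total_bytes, names = 0, 0, []
    for row in rows:
        name = row.get("index", "")
        if name.startswith("."):
            continue
        total_docs += int(row.get("docs.count") or 0)
        total_bytes += int(row.get("store.size") or 0)
        names.append(name)
    return {"indices": names, "total_docs": total_docs,
            "total_bytes": total_bytes, "total_tb": total_bytes / 1e12}


def classify(status):
    """Map the unauthenticated _cat/indices result onto an exposure verdict."""
    if status is None:
        return "unreachable"
    if status == 200:
        return "open"            # index listing served to anyone
    if status == 401:
        return "auth-required"   # security enabled, credentials demanded
    if status == 403:
        return "forbidden"       # reachable, but this principal may not list
    return f"http-{status}"


def audit(base_url, fetch=http_get):
    """Audit one node; `fetch` is injectable so the check can run offline."""
    url = f"{base_url.rstrip('/')}/_cat/indices?format=json&bytes=b"
    status, body = fetch(url)
    report = {"node": base_url, "verdict": classify(status)}
    if report["verdict"] == "open":
        try:
            report["summary"] = summarize_indices(json.loads(body))
        except (ValueError, TypeError, AttributeError):
            # 200 from something that is not Elasticsearch (proxy page, etc.)
            report["verdict"] = "open-unparsed"
    return report


if __name__ == "__main__":
    # Offline demonstration against the constructed sample; for a real check
    # call audit("http://host:9200") and the default http_get is used.
    print(json.dumps(audit("http://203.0.113.10:9200", fetch=sample_fetch), indent=2))
```

Run it against your own hosts only, and treat a verdict of `open` as the finding rather than reading any record content: listing `_cat/indices` is enough to establish exposure, and on a node with security enabled the same request returns 401 before any data is served.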
What's Inside the Data
Although limited details are available, one of the screenshots from the exposed server showed records from a Ukrainian bank called Accordbank, formally known as "Commercial Bank Accordbank." Inside, the researcher found a trove of banking, contact, and personally identifiable information (PII) of customers stored in JSON format, including:
- Full names
- Phone numbers
- Date and place of birth
- National ID number or tax code
- Passport numbers and issuing authority
- Address (including city and street details)
(Note: since other databases are involved, there is a chance they contain additional data, including passwords.)
Here is a screenshot showing the structure of the exposed records linked to Accordbank. The original image is shown along with its English translation (via Yandex Image Translator) for better understanding:
Additionally, the exposed server listed databases and user details gathered from both announced and unannounced data breaches, including information extracted through website scraping. This was confirmed by the researcher, who examined the server before it was taken offline, although screenshots of those specific datasets could not be obtained in time.
Cybercriminals Leaking Their Own Server?
This may be a case of cybercriminals accidentally exposing their own data and then securing it once they realised their mistake. It would not be the first time such an incident has occurred.
In December 2024, as reported by Hackread.com, researchers found a misconfigured AWS S3 bucket believed to belong to the hacker groups ShinyHunters and Nemesis, who were allegedly working together at the time. The bucket contained stolen data, hacking tools, and even potential information about the hackers themselves, which was later reported to the AWS fraud team.
Server May Have Been Accessed by Other Cybercriminals
While Sen could not confirm whether the misconfigured server was accessed by a third party with malicious intent, Hackread.com's own research suggests possible indicators that a server owned by cybercriminals may have been accessed by other cybercriminals.
During the investigation, Hackread.com found a thread on DarkForums, the successor to the now-defunct Breach Forums, where a user going by the alias "tRex_Prime" was offering data records spread across more than 6,000 CSV files. The thread was titled "6k+ CSV Leak Database" and listed 2,356 of the files by name. Each CSV file was labelled with either a company name or a tag indicating what the data belonged to.
Among the listed files was one named Accordbank (accordbank.com.ua.csv). Since there are no public reports linking Accordbank to any previous data breach, it is plausible, though unconfirmed, that these 6,000+ CSV files were extracted from the misconfigured Elasticsearch server containing 1.12 terabytes of data.
Hackread.com attempted to contact "tRex_Prime," but their Telegram account was unavailable at the time of writing, and their forum profile had been banned for "selling public databases." The list of 2,356 files is available here (PDF).
What Users Should Do
Unfortunately, Hackread.com cannot confirm all the companies or individuals whose data may have been included among the 6 billion records. The safest approach is to monitor your email accounts, avoid clicking on links or downloading attachments from unknown senders, and ignore suspicious messages sent to your phone.
In the coming days, if you hear about a data breach involving Accordbank, this exposure may explain its origin. Accordbank customers are therefore urged to take extra caution, contact the bank, and ask about any potential breach of their privacy or personal data.