Exposed Elasticsearch Database Compromises Data on 8M People

Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.

Dark Reading Staff, Dark Reading

May 17, 2019

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Another day, another unsecured database. An unprotected Elasticsearch database exposed information belonging to eight million people in the United States who submitted their personal details as part of online sweepstakes entries, surveys, and free product sample requests.

Survey websites typically offer samples, prizes, or contest entries in exchange for personal data that's later used in marketing campaigns, BleepingComputer reports. The information collected by one organization was kept in an Elasticsearch database, which was found unprotected by security researcher Sanyam Jain. It contained data including the full names, physical and email addresses, phone numbers, birthdates, gender, and IP addresses of individuals who entered their info on survey sites.

Further investigation by Jain showed the site belonged to PathEvolution, an online marketing firm owned by Ifficient, another marketing company. Ifficient secured the database when contacted by Amazon, which Jain reached out to when contacting PathEvolution proved difficult. The business says it doesn't capture or store social security numbers, drivers license numbers, state ID numbers, or financial account or payment card numbers in its database.

Ifficient also reports that due to a high number of duplicate records, the amount of records affected is lower than the 130 million that Jain saw in the Elasticsearch database.

Read more details here.

INT19-Logo-HorizDates-3035.png

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights