Dutch domain registrar Openprovider had almost 164 GB of internal and customer data accidentally exposed for three months as a result of a misconfigured Elasticsearch instance, putting the security of millions of domains at risk, according to Cybernews.
The unprotected database, which has already been secured, leaked domain registration data, internal response payloads, customer actions, and domain transfer authentication codes, and also revealed customers' usernames, addresses, phone numbers, reseller IDs, WHOIS privacy status, and raw domain provisioning records, according to a report from SecurityDiscovery researcher Bob Diachenko and the Cybernews research team. Compromise of the exposed Elasticsearch instance by hackers could have had devastating effects, said Cybernews researchers. "Unredacted domain registration records would be super useful for targeted cyberattacks. Hackers could identify websites belonging to the same developers, which usually means that the same vulnerabilities would exist across them," researchers added.




