European cloud provider Nextcloud left an unprotected database accessible on the public internet, exposing sensitive internal and client data. The exposed ElasticSearch cluster contained approximately 367,000 records, totaling 8GB of data, including employee information and client contracts, as reported by Tech Radar.The exposed data included employee emails, client company details, contracts, and scripts. Some of the information was unencrypted, making it vulnerable to unauthorized access. Security researchers at Cybernews discovered the misconfiguration in mid-May 2026 and notified Nextcloud, which secured the archive within two days. Nextcloud attributed the incident to a hosting infrastructure misconfiguration, stating that customer servers were unaffected.While Nextcloud found no evidence of unauthorized access, researchers caution that attackers may have accessed the data before it was secured, as automated bots frequently scan the internet for such vulnerabilities.Source: Tech Radar
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




