Data Security

Nextcloud exposes sensitive data due to hosting misconfiguration

A digital representation of a data leak warning, featuring glowing red text against a dark, high-tech background.

European cloud provider Nextcloud left an unprotected database accessible on the public internet, exposing sensitive internal and client data. The exposed ElasticSearch cluster contained approximately 367,000 records, totaling 8GB of data, including employee information and client contracts, as reported by Tech Radar.

The exposed data included employee emails, client company details, contracts, and scripts. Some of the information was unencrypted, making it vulnerable to unauthorized access. Security researchers at Cybernews discovered the misconfiguration in mid-May 2026 and notified Nextcloud, which secured the archive within two days. Nextcloud attributed the incident to a hosting infrastructure misconfiguration, stating that customer servers were unaffected.

While Nextcloud found no evidence of unauthorized access, researchers caution that attackers may have accessed the data before it was secured, as automated bots frequently scan the internet for such vulnerabilities.

Source: Tech Radar

You can skip this ad in 5 seconds