Data Security

Over 6B records leaked by misconfigured Elasticsearch server

(Adobe Stock)

HackRead reports that more than 6.19 billion records stolen from disclosed and undisclosed data breaches around the world have been leaked by an unsecured Elasticsearch server believed to be based in Russia or a Russian-speaking country.

Included in the 1.12 TB data trove were records from Ukrainian bank Accordbank, including its users' full names, birthdates and birthplaces, addresses, phone numbers, national ID numbers, passport numbers, and tax codes, according to independent cybersecurity researcher Anurag Sen, who discovered the misconfiguration.

Other data obtained via website scraping was also observed in the database that may have been inadvertently leaked by cybercriminals. Such a database may have already been accessed by other threat actors, with the user "tRex_Prime" peddling more than 6,000 CSV files, including files referencing Accordbank, on DarkForums.

Hacking operations ShinyHunters and Nemesis were previously reported to have leaked stolen data, hacking tools, and threat actor info from an exposed AWS S3 bucket nearly a year ago.

You can skip this ad in 5 seconds