- UpGuard found an unprotected Elasticsearch instance belonging to Leak Zone
- The instance contained millions of IP addresses
- Leak Zone is an underground forum known for its large user base
In a moment of poetic irony, an underground "leaking and cracking forum" exposed the IP addresses of all of its logged-in users, effectively doxxing everyone: security researchers, rival criminals and, above all, law enforcement.
UpGuard security researchers found an exposed Elasticsearch database, accessible to anyone who knew where to look. Further analysis determined that the database belonged to Leak Zone, an underground forum where cybercriminals advertise and share stolen credentials and software.
It contained more than 22 million records: IP addresses and precise timestamps of when each user logged in. The database was also quite fresh, apparently being updated in real time, and it flagged whether a user was likely logging in through an anonymization tool such as a proxy or a VPN.
Exposed instances – everywhere
It is impossible to say how long the database remained open, or whether anyone discovered it before UpGuard did.
Nor do we know how many people were exposed in this incident, but the forum reportedly has around 100,000 members. In any case, the database has since been locked down and is no longer accessible.
The researchers could not determine why the database had been exposed.
In general, the cause is human error: administrators simply forget to set a password or otherwise secure the instance. In fact, exposed databases remain a leading cause of data leaks, among legitimate and criminal organizations alike.
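As an added illustration (not UpGuard's findings and not Leak Zone's actual configuration), the two elasticsearch.yml fragments below show what "forgetting the password" looks like on a 7.x node, where the security features shipped but were disabled by default, followed by the settings that close the hole. The address and certificate paths are placeholders.

```yaml
# elasticsearch.yml - EXPOSED (Elasticsearch 7.x, hypothetical example)
# Binding to every interface puts the REST port (9200) on the public network...
network.host: 0.0.0.0
# ...and with security off (the 7.x default) every request is served anonymously,
# so anyone who finds the port can read every index.
xpack.security.enabled: false
---
# elasticsearch.yml - HARDENED (same node)
# Listen only on the internal address clients actually need ("10.0.0.5" is a placeholder).
network.host: 10.0.0.5
# Require authentication on every request.
xpack.security.enabled: true
# Encrypt the REST port so credentials are not sent in clear text.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
# Encrypt and verify node-to-node traffic (required once security is enabled in 7.x).
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
```

After a restart with the hardened file, built-in user passwords are set with `bin/elasticsearch-setup-passwords` (7.x), and an unauthenticated `curl http://host:9200/_cat/indices` that still returns index names is the quickest sign that the change did not take effect. Elasticsearch 8.x enables security by default, so there the exposed state requires someone to have switched it off explicitly.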
For years, researchers have warned that the cloud operates under a shared responsibility model, something many IT teams still seem unaware of.
Some companies assume that securing cloud infrastructure is the service provider's job, and in doing so leave the back door open to cybercriminals.
Via TechCrunch