Nextcloud leaks 367,000 records: European cloud giant exposes staff and clients in major breach



  • The ElasticSearch cluster exposed on Nextcloud contained ~367,000 records (8 GB), including employee data, customer contracts, and scripts.
  • Sensitive information, such as staff emails and client company details, was not encrypted; Nextcloud secured the file within two days of notification
  • The company attributed the incident to hosting misconfiguration and emphasized that customer servers were not affected, although researchers warn that attackers may have accessed data.

European cloud provider Nextcloud kept an unprotected database on the public Internet, exposing sensitive internal and customer data to anyone who knew where to look, experts revealed.

Nextcloud is a free and open source platform that allows users to create their own private cloud. It is often described as an alternative to Google Drive or Microsoft 365, allowing users to control where their data is located.

Leave a Comment

Your email address will not be published. Required fields are marked *