Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity


In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records that were collected with the help of data analytics software developed by SnowPlow Analytics.

The IT security researchers at Website Planet have identified two exposed ElasticSearch servers belonging to an unnamed organization using open-source data analytics software developed by the London, England-based software vendor, SnowPlow Analytics.

This software allows companies to track and store information on visitors to their website(s) without the visitors’ knowledge. It is worth noting that a web analytics tool can collect a wide range of data metrics. The data is then used to create an extensive, detailed profile of site visitors.

Case of Misconfigured ElasticSearch Servers

According to researchers, neither ElasticSearch server had any encryption or user authentication measures in place, meaning anyone could have accessed the data without the need for a password.
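The two gaps named above, missing authentication and missing encryption, correspond to settings in `elasticsearch.yml`. The following Python check is an added example, not taken from Website Planet's report or from the affected organization (whose configuration was not published); it flags those gaps in a config file. The sample configs are constructed, and the parser assumes flat dotted keys rather than nested YAML.

```python
import ipaddress

# Real Elasticsearch settings covering the two gaps the article names.
# Defaults differ between versions, so the check wants each one explicit.
REQUIRED_TRUE = {
    "xpack.security.enabled": "authentication not explicitly enabled",
    "xpack.security.http.ssl.enabled": "REST traffic not encrypted",
    "xpack.security.transport.ssl.enabled": "node-to-node traffic not encrypted",
}

def parse_flat_yaml(text):
    """Parse flat 'dotted.key: value' lines (assumption: no nested YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def binds_beyond_loopback(host):
    """An unset network.host means loopback only; other values are checked."""
    if host in ("", "localhost", "_local_"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True   # hostname or special value such as _site_ / _global_

def audit(text):
    """Return a list of findings for one elasticsearch.yml body."""
    cfg = parse_flat_yaml(text)
    findings = [f"{key}: {why}" for key, why in REQUIRED_TRUE.items()
                if cfg.get(key, "").lower() != "true"]
    host = cfg.get("network.host", "")
    if findings and binds_beyond_loopback(host):
        findings.append(f"network.host={host}: reachable off-host with the gaps above")
    return findings

# Constructed sample configs, not taken from the exposed servers.
EXPOSED = "network.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = """
network.host: 10.0.0.5
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED))
```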

The unsecured, misconfigured servers eventually exposed 359,019,902 records, which equals around 579.4 GB of data. The exposed servers contained detailed logs of web user traffic, including the following.

- Referrer page
- Timestamp IP
- Geolocation data
- Web page visited
- User-agent data of website visitors

Details of Exposed Data

According to Website Planet’s blog post published last week, the unsecured servers contained user data for two months in 2021. The first server comprised data from September 2021 with 242,728,328 records or 389.7 GB of data collected between September 2nd, 2021, and October 1st, 2021.

The second server contained December 2021 data featuring 116,291,574 records or 189.7 GB of data collected between December 1st, 2021, and December 27th, 2021.

Screenshot from the exposed server (Credit: Website Planet)

Fifteen Million Potentially Affected Users

The research team further noted that around 4 to 100 records appear per user on the two servers, and given that there are multiple logs for each user, this exposure might impact at least 15 million people.

It is worth noting that the exposed data can allow attackers to locate people using user profiles’ server logs and filter the users through their IP addresses. This means the disclosed information can let attackers obtain extensive details about every user’s digital trail like web browsing preferences and other activities.

Furthermore, the servers were live and actively updating new information at the time when they were discovered. However, neither ElasticSearch nor SnowPlow Analytics is responsible for this exposure because the company that owns the misconfigured servers is at fault.

The data exposure might have a far-reaching impact because users worldwide are affected. However, it is unclear whether the servers were accessed by a third party with malicious intent.

Nevertheless, at the time of publishing this article, both exposed servers were secured after Website Planet sent alerts to concerned authorities.

