More than 8 billion Internet activity records of subscribers of Thailand's largest mobile network, Advanced Info Service (AIS), were exposed by a misconfigured Elasticsearch database that was reachable without authentication.
Security researcher Justin Paine discovered the exposed database and reported it to the company. After receiving no response, he alerted ThaiCERT, which contacted AIS; the database was then taken offline and the records secured. The exposed data was a combination of NetFlow records (source and destination IP addresses, ports and traffic volumes) and DNS query logs, which together show which hosts and domains individual subscribers were contacting.
This is not the first case
Exposed Elasticsearch databases are a recurring problem, and there have been several similar incidents.
- More than 5 billion records were exposed after a UK-based security company unwittingly left its own database of breach records online without password protection.
- Bithouse, the developer of the Peekaboo app, left an Elasticsearch database containing more than 70 million log files open to the Internet.
- Microsoft exposed 250 million customer support records because of a misconfigured Elasticsearch database.
- Misconfigured cloud servers have become a common cause of data leaks, including those at Dow Jones, Rubrik, Meditab, Voipo, and Gearbest.
What the experts are saying
- One of the major causes of such leaks is the outsourcing of work to third-party contractors, which blurs who is responsible for the security configuration of a system.
- Security configurations should be reviewed on a regular basis, and industry-standard protections (authentication, network restrictions, encryption in transit) should be applied to every data store, not only to those considered sensitive.
What you can do
- Configure Elasticsearch and Kibana securely before exposing them on any network: keep them bound to loopback or a private interface unless remote access is required, enable authentication (xpack.security.enabled), enable TLS on the HTTP and transport layers, and put a firewall or security group in front of ports 9200 and 5601 so they are never reachable from the Internet. Elasticsearch has historically shipped with authentication disabled, so "default" and "secure" are not the same thing.
- Use DoT (DNS over TLS) or DoH (DNS over HTTPS) to a resolver you trust so that DNS queries cannot be read or logged by the ISP's resolvers and sold or leaked from them. Note the limits: if the DoH/DoT resolver is the ISP's own, the ISP still sees every query, and NetFlow-style records of the IP addresses you connect to are visible to the ISP regardless of how DNS is protected.
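The following is an added example, not code from the article or from Elastic, showing the check a practitioner would run against an elasticsearch.yml for the exposure pattern behind the AIS leak: a non-loopback bind address combined with authentication disabled. It parses only flat top-level `key: value` lines (real elasticsearch.yml keys), treats a missing `xpack.security.enabled` as disabled (the pre-8.0 default), and the weak and hardened sample configs are constructed for this example.

```python
"""Audit a flat elasticsearch.yml for an Internet-readable, unauthenticated cluster.

Added example (not from the article or Elastic). Assumptions: top-level
`key: value` lines only; a missing xpack.security.enabled means disabled,
which was the Elasticsearch default before 8.0.
"""
from __future__ import annotations

# Bind values that keep the HTTP API off the network.
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}

# Constructed sample: the shape of config behind many exposed-cluster reports.
WEAK_CONFIG = """\
cluster.name: netflow-logs   # constructed sample
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
"""

# Constructed sample: same cluster with authentication and TLS switched on.
HARDENED_CONFIG = """\
cluster.name: netflow-logs   # constructed sample
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
xpack.security.transport.ssl.enabled: true
"""


def parse_flat_yaml(text: str) -> dict[str, str]:
    """Parse top-level `key: value` lines; comments, blanks and indented lines are ignored."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line or line.startswith((" ", "\t")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def _hosts(value: str) -> set[str]:
    """network.host may be a scalar or a list like [_local_, _site_]."""
    return {h.strip().strip("\"'") for h in value.strip("[]").split(",") if h.strip()}


def _is_true(value: str | None, default: bool) -> bool:
    return default if value is None else value.lower() == "true"


def audit(settings: dict[str, str]) -> list[str]:
    """Return findings, worst first. Empty list means no issue found by these rules."""
    findings: list[str] = []
    hosts = _hosts(settings.get("network.host", "_local_"))  # Elasticsearch binds loopback by default
    exposed = not hosts <= LOOPBACK
    auth = _is_true(settings.get("xpack.security.enabled"), default=False)
    http_tls = _is_true(settings.get("xpack.security.http.ssl.enabled"), default=False)

    if exposed and not auth:
        findings.append(
            f"CRITICAL: bound to {sorted(hosts)} with xpack.security.enabled=false; "
            "every index is readable and writable by anyone who can reach the port"
        )
    if exposed and auth and not http_tls:
        findings.append("HIGH: authentication is on but HTTP TLS is off; credentials cross the network in clear")
    cors_on = settings.get("http.cors.enabled", "false").lower() == "true"
    if cors_on and settings.get("http.cors.allow-origin") in ("*", "/.*/"):
        findings.append("MEDIUM: CORS allows any origin; a page on any website can query the API from a browser")
    return findings


def audit_text(text: str) -> list[str]:
    return audit(parse_flat_yaml(text))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_text(cfg) or ['no findings']}")
```

The bind check is the important one: a cluster that listens on 0.0.0.0 without security enabled needs no exploit at all, only `curl http://host:9200/_cat/indices` from anywhere that can reach it. Run the audit on the real file with `audit_text(open("/etc/elasticsearch/elasticsearch.yml").read())`.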
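To make the DoH point concrete, here is an added example (not code from the article) of what a DoH client actually sends: a standard DNS wire-format query carried in an HTTPS POST per RFC 8484, so the ISP sees only a TLS connection to the resolver rather than a plaintext UDP/53 query it can log. The resolver URL is an assumption (any RFC 8484 resolver works), the network call is only made when the script is run directly, and the response used for the offline parsing check is constructed here.

```python
"""Minimal RFC 8484 DoH client with an offline-checkable DNS message codec.

Added example (not from the article). Assumes a resolver that accepts
POST with Content-Type application/dns-message; the default URL below is
an assumption, and SAMPLE_RESPONSE is constructed for this example.
"""
from __future__ import annotations

import socket
import struct
import urllib.request

QTYPE_A = 1
CLASS_IN = 1
DOH_RESOLVER = "https://cloudflare-dns.com/dns-query"  # assumption: any RFC 8484 resolver


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """Build a DNS query message (RFC 1035). ID is 0 as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD=1; one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name and return the next offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes) -> list[str]:
    """Return the IPv4 addresses in the answer section; raise on a non-zero RCODE."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if flags & 0x000F:
        raise ValueError(f"DNS error RCODE={flags & 0xF}")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    addrs: list[str] = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def resolve_doh(name: str, resolver_url: str = DOH_RESOLVER) -> list[str]:
    """Send the query inside an HTTPS POST; on the wire this is just TLS to the resolver."""
    req = urllib.request.Request(
        resolver_url,
        data=build_query(name),
        headers={"Content-Type": "application/dns-message", "Accept": "application/dns-message"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_a_records(resp.read())


def _constructed_response() -> bytes:
    """Constructed sample response: one A record for example.com -> 192.0.2.1 (documentation range)."""
    question = build_query("example.com")[12:]
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, one answer
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, CLASS_IN, 60, 4) + socket.inet_aton("192.0.2.1")
    return header + question + answer


SAMPLE_RESPONSE = _constructed_response()

if __name__ == "__main__":
    print("offline parse:", parse_a_records(SAMPLE_RESPONSE))
    print("live DoH:", resolve_doh("example.com"))  # needs network access
```

On a packet capture taken between the client and the ISP, the only thing visible for a DoH lookup is a TLS session to the resolver's address; the query name and the answer inside it are not. The subsequent connection to the resolved address is still visible in NetFlow, which is why the caveat above matters.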
All these incidents show how hard companies, including the largest, find it to know where their data is stored and who can reach it; a single unauthenticated database listening on the Internet is enough to undo every other control.