Researcher Bob Diachenko has announced that he discovered an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records. The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning 2012-2019 era.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
There is a certain irony is an exposed database of previously compromised data.
The fact that this data was previously compromised doesn’t mean this incident is meaningless. The sheer volume of these collections makes it a valuable target for criminals. Sometimes the data itself is made more valuable by the ease of access or aggregation.
It would be important to know for how long this data has been exposed, and of course, whether anyone has actually accessed it.