Comment: 5 Billion Records Exposed In Open ‘Data Breach Database’

Researcher Bob Diachenko has announced that he discovered an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the  SSL certificate and reverse DNS records.  The irony of that discovery is that it was a ‘data breach database’, an enormously huge collection of previously reported (and, perhaps, non-reported) security incidents spanning 2012-2019 era.

Experts Comments

March 23, 2020
Tim Erlin
VP of Product Management and Strategy
Tripwire
There is a certain irony is an exposed database of previously compromised data. The fact that this data was previously compromised doesn’t mean this incident is meaningless. The sheer volume of these collections makes it a valuable target for criminals. Sometimes the data itself is made more valuable by the ease of access or aggregation. It would be important to know for how long this data has been exposed, and of course, whether anyone has actually accessed it.
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.