Elasticsearch Server Open Without a Password

A browser maker has leaked user data after mistakenly leaving an Internet-exposed Elasticsearch server without authentication.

The leak happened at Blisk, an Estonian company that makes the browser of the same name.

The Blisk browser is a Chromium-based offshoot geared toward web and software development. It offers improved developer resources, features for application previewing, and resources for project collaboration.

The platform was released in May 2016 and has established a track record in the web development industry. Blisk claims on its website that its software is used by over 40,000 businesses, including significant names such as HP, Xerox, NASA, Unicef, Deloitte, UEFA, Vice News and Pandora.

The organization suffered an unintended data leak last December. On December 2, 2019, two researchers with vpnMentor, Noam Rotem and Ran Locar, discovered a company-owned Elasticsearch server that was mistakenly left exposed online.

The vpnMentor researchers said they found personal details of thousands of web developers who had registered profiles with the Blisk website/browser.

They found 2.9 million documents in total, amounting to 3.4 GB of files, left unprotected online.

The details appeared to be log entries for actions developers took within the client, such as creating accounts or inviting friends.

Image: vpnMentor (supplied)

Private information exposed through the leak included email addresses and user-agent strings.

vpnMentor said that it notified Blisk on December 4, and the application developer had acquired the domain the next day.

Yesterday in an email, the Blisk team confirmed the leak. It said that despite their error, the leak did not result in the exposure of sensitive information such as passwords or financial information, or of personally identifiable information (PII) such as names, billing information, or telephone numbers, as these were not stored on that server.

However, vpnMentor believes that the data might hold some organizational interest for an intruder, if one got hold of it during the time the server was exposed.

The data could be used to monitor developers at private businesses and to tailor exploits and malware to their user-agent strings (which include application details).
