Sky Brazil users' data leaked due to unsecured ElasticSearch server

ElasticSearch unsecured network affects 32 million Sky Brasil's users

The unsecured ElasticSearch server related in a data breach o 32 million users.

A famous Brazilian cybersecurity researcher Fabio Castro has recently discovered a data breach which affected around 32 million Sky Brasil customers. Castro spotted that the leak happened because of the ElasticSearch server which was left unprotected, e.g. with no password. This resulted in customers' personal information being widely exposed all over the Internet through Shodan search engine used to find connected systems and devices of the Internet.

The security researcher informed the company about his findings the same minute he recognized it. However, the TV station hasn't contacted him yet. They just fixed the server and remained silent.

It seems that the server was kept open since the middle of October. All information that was stored on the unsecured server was API data which included about 28.7 GB of various files and 429.1 GB of other API details.^[1] Nevertheless, the exposed information belongs not only to personal users but to business customers as well.

Hackers might have tried to take advantage of exposed data

Sky Brasil^[2] is known as an organization which provides numerous TV channels and other TV-related content. Its unlucky decision to selectElasticsearch servers resulted in leaked data which was accessible on the Internet for a wide range of people. The details that have been leaked include the following:^[3]

• Names/surnames;
• Residence addresses;
• Mobile phone numbers;
• Birth dates;
• Payment details;
• Passwords;
• etc.

Having in mind that information was kept in reach for anyone, a cybercrook might have managed to take advantage of such server vulnerability and misuse exposed data for illegal purposes. Sadly, this kind of cruel activity might have resulted in an identity theft or some other serious consequences.

The Shodan engine creator Matherly explained that personal information can become even more vulnerable due to the tool's functionality:^[4]

And even the devices that do require authentication mostly use default credentials, so you just go on Shodan and you can search for the default password and access them as easily as that.

Vulnerability fixed, ElasticSearch is pointed as a non-reliable data storage option

Castro has claimed that the server's vulnerability was taken care of by adding a security password to it, so nobody is able to view any data that is held on the server. However, ElasticSearch servers have been marked by cybersecurity experts as a non-safe option for data storage due to the number of data exposures they have experienced.

However, such accidents are truly common as administrators often fail to protect servers correctly. For example, some time ago, an organization called FitMetrix also experienced a similar data breach as an employee forgot to add a security password.^[5] This let anyone access and misuse data that was stored on unprotected servers.

Even though the Elastic company created its service for internal networks only, which means that passwords are not required, we can see that without proper protection there can occur lots of big problems, including one of the biggest – data breach.^[6]

Due to the beforementioned fact, it is very important that we also take actions to increase our virtual safety. Even reliable and widely known companies sometimes fail to protect clients' data, so we need to make sure that we have taken all possible actions to keep our sensitive information as safe as possible.