The Elasticsearch database was left exposed without any security authentication which means it could have been accessed by anyone with access to a web browser, and a valid URL.
Comparitech researchers published a report revealing details of an unprotected marketing database that leaked private details of about 35 million residents across Chicago, San Diego, and Los Angeles. Interestingly, the owner of this database hasn’t yet been identified.
Reportedly, the Elasticsearch database wasn’t protected by a password, which is why it could have been accessed by anyone with access to a web browser, and a valid URL. The database was discovered by Bob Diachenko, head of Comparitech’s cybersecurity research team, on 26 June 2021.
