Elasticsearch data breach exposes records of 82m Americans - Netwrix comments
November 2018 by Netwrix
Elasticsearch servers affecting 82 million individuals. Elasticsearch, an open source search engine mainly used for private networks was reportedly left open for public access, exposing personal information including names, employment details and postal addresses. It is estimated that in total, more than 114m records belonging to US citizens and companies have been affected.
Netwrix’s General Manager EMEA, Matt Middleton-Leal has provided the following statement:
“Basic errors in design and configuration are all too often the achilles heel of organisations’ data security. When organisations are the custodians of personal information they have a duty of care to ensure it is safe and secure. In the case of Elasticsearch, it appeared to have design flaws which enabled hackers to potentially download 82 million citizens’ personal data. These types of design floors would have been exposed by simple red testing exercises, therefore it can be assumed Elasticsearch is either very naïve or simply negligent in its approach to data security.”