A database containing around 1 million web browsing records of internet users has been left unprotected online.
The 890GB database contained daily logs of internet activity of customers of various internet service providers along with personally identifiable information that tied the browsing histories to specific end users. In many cases, highly sensitive internet histories were exposed, including specific videos that were viewed on adult websites and user’s social media profiles.
In the wrong hands the data could be used to blackmail consumers and there could potentially be legal repercussions for individuals if the database was accessed by law enforcement.
The unsecured Elasticsearch database was discovered by the vpnMentor security team on November 12, 2019, but it was not initially apparent who the database belonged to as it contained data relating to users in a range of different countries, mostly in Africa and South America. It was also not clear why the database had been created. It was later confirmed to be linked to a web filtering solution developed by the South African information and communications technology company, Conor.
The database was totally unsecured and unencrypted and could be accessed by anyone without the need for a password. The database contained daily logs dating back 2 months and included all internet traffic from the affected users. The internet logs included an MSISDN code that identified a mobile phone user within their provider’s network, the use’s IP address, the time the user was connected to a website, along with the full website URL, the amount of data transferred, and whether the filter had been triggered to block access to a website. In some cases, users’ Facebook usernames could be found, allowing an individual not only to be quickly identified, but also contacted through the Social media platform.
“For an ICT and software development company not to protect this data is incredibly negligent. Conor’s lapse in data security could create real-world problems for the people exposed,” explained vpnMentor.
vPNMentor also notes that it was clear from the database how the web filter worked. Armed with that knowledge, the web filtering solution could easily be bypassed, rendering it useless.
It is unclear whether Conor’s web filtering database was accessed by unauthorized individuals before it was discovered by vpnMentor, but there are certainly cybercriminals conducting similar scans to identify databases that have been left unsecured.
The research conducted by vpnMentor is intended to help improve cloud security and make the internet safer for all users. When exposed databases are discovered, companies are alerted and assistance is offered to secure their data, hopefully before their databases are accessed by individuals with malicious intentions and consumer data is stolen and misused. This is not the first case of an Elasticsearch database being left exposed online and it certainly will not be the last.