What is the problem?
Security researchers from vpnMentor, Noam Rotem and Ran Locar discovered an unprotected Elasticsearch database belonging to a flight booking website ‘Option Way’.
What is the impact?
The unsecured database has leaked over 100 GB of data of customers from various countries including France, Belgium, Algeria, Switzerland, and Austria.
What information was exposed?
Discovery of the database
Researchers discovered the leaky database on August 20, 2019. After examining the database, the researchers notified Option Way about the vulnerability on August 25, 2019, and the owners of the database responded back 4 days later.
“With this information obtained, the victim can be exploited in various criminal schemes, from credit card fraud all the way to complete identity theft. Hackers can sell PII to the highest bidder on the dark web and combine it with other forms of attack, making the criminals exploiting the data untraceable,” researchers said in a blog.