Unprotected Elasticsearch database belonging to SkyMed exposes personal information of 137k members

• The security researcher inspected the database and found out almost 136, 995 records of member data along with evidence of ransomware inside the network.
• The leaky database could allow anyone to edit, download, or even delete data without administrative credentials.

A security researcher Jeremiah Fowler uncovered an unprotected Elasticsearch database belonging to SkyMed that was publicly available without any authentication.

What was exposed?

The unsecured database exposed almost 136,995 members’ personal and medical information such as names, dates of birth, phone numbers, addresses, email addresses, and limited medical information.

Why it matters?

The leaky database could allow anyone to edit, download, or even delete data without administrative credentials.

The big picture

The security researcher came across the unprotected database on March 27, 2019. Fowler inspected the database and found out almost 136, 995 records of member data as well as evidence of ransomware inside the network. This was revealed when Fowler found a ransom note entry name "howtogetmydataback" in the database.

“Inside the database was each member’s file that included personally identifiable information and some accounts had medical information or notes about the user. It is unknown how long this data was publicly accessible or who may have accessed it. What is known is that there was evidence of ransomware inside the database and this could potentially be evidence of a far bigger exposure,” Fowler said in a blog.

Upon discovery, Fowler notified SkyMed about the database, however, received no response. Later, on April 05, 2019, the leaky database was taken down and secured.