Researchers from SafetyDetectives uncovered an unprotected Elasticsearch server that exposed over 899 GB of data.
Who is the owner of the database?
The company behind the leaky database is currently unknown. However, the database leaked data of more than 100 loan-related apps, suggesting that the owner might most likely be a marketing agency for mobile apps. The provider of the server is Aliyun Computing Co., but they only rented the server to the company and are not responsible for the leak.
The database was left open for two weeks and has now been secured by Aliyun Computing Co.
What information was exposed?
“There are more than enough details to entirely overtake someone’s identity without any significant effort whatsoever. If this data were to be sold on the Dark Web, it could easily be packaged into a ‘deal’ where an individual’s financial, medical, and personal life are up for grabs. When targeted, even a phone’s sim card can be replicated and nearly full access to all of a person’s phone apps that control smart home devices, contain private photos and details, and more is made available,” researchers wrote in a blog.