What is Going on with Elasticsearch?

The latest scenario

What else?

• In April 2020, a hacker was found constantly breaking into exposed Elasticsearch servers without a password and attempting to wipe the content. This went on for two weeks and more than 15,000 servers were defaced.
• In March 2020, over 5 billion records were unwittingly exposed by a U.K-based security company.
• In February 2020, over 123 million records were leaked by Decathlon via an unprotected Elasticsearch server. Allegedly, apart from the exposed data on the server, PII was exposed.
• In November 2019, the client data of the Gekko Group was exposed; the data included unencrypted payment information, among others.
• In October 2019, the personal data of 1.2 billion people was leaked via an unsecured Elasticsearch server that contained around 4 billion user accounts.

So why do Elasticsearch servers keep getting hacked?

• The root cause of the issues is a poor understanding of the security configurations and its functions. People often allow unauthenticated and unauthorized users to access their data on the internet.
• Other times, developers expose testing or development systems to the Internet for convenience and forget to change the configuration while moving to production.