Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records that were collected with the help of data analytics software developed by SnowPlow Analytics.

The IT security researchers at Website Planet have identified two exposed ElasticSearch servers belonging to an unnamed organization using open-source data analytics software developed by the London, England-based software vendor, SnowPlow Analytics.

This software allows companies to track and store information on their website (s) visitors apparently without their knowledge. It is worth noting that a web analytics tool can collect versatile data metrics. The data is then used for creating an extensive, detailed profile for site visitors.

Case of Misconfigured ElasticSearch Servers

According to researchers, both ElasticSearch servers didn’t have any encryption or user authentication measures in place meaning anyone could have accessed the data without the need for a password.

The unsecured, misconfigured servers eventually exposed 359,019,902 records, which equals around 579.4 GB of data. The exposed servers contained detailed logs of web user traffic, including the following.

Referrer pageTimestamp IPGeolocation dataWeb page visitedUser-agent data of website visitors Details of Exposed Data

According to Website Planet’s blog post published last week, both servers contained user data

Read More: https://www.hackread.com/misconfigured-elasticsearch-servers-user-website-activity/