Well-known security researcher Bob Diachenko discovered a ‘Giant’ blunder made by uk media outlet The Telegraph after it exposed 10 terabytes of subscribers’ data.
According to Diachenko, the trove of records included subscriber information and server logs, while the data was exposed due to an unsecured Elasticsearch cluster, which remained unprotected throughout September, and was freely accessible without any authentication or password required to access it.
How did The leak happen?
According to the researcher, while most of the data was encrypted, personal details of around 1,200 subscribers/registrants of the media outlet were in clear text format, and a massive collection of internal server logs was also unprotected.
Diachenko notified The Telegraph about the leak the same day it was discovered, but he didn’t receive any response, so two days later, on 16 September 2021, he shared the