The Telegraph newspaper exposed 10TB of subscriber data

The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication.

Well-known security researcher Bob Diachenko discovered a ‘Giant’ blunder made by UK media outlet The Telegraph after it exposed 10 terabytes of subscribers’ data.

According to Diachenko, the trove of records included subscriber information and server logs, while the data was exposed due to an unsecured Elasticsearch cluster, which remained unprotected throughout September, and was freely accessible without any authentication or password required to access it.

It is worth noting that The Telegraph is one of the UK’s largest online media and newspapers outlets. The database was discovered on 14 September 2021. 

How did The Leak happen?

According to the researcher, while most of the data was encrypted, personal details of around 1,200 subscribers/registrants of the media outlet were in clear text format, and a massive collection of internal server logs was also unprotected.

SEE: US Govt’s secret terrorist watchlist with 2M records exposed online

Diachenko notified The Telegraph about the leak the same day it was discovered, but he didn’t receive any response, so two days later, on 16 September 2021, he shared the

Read More: https://www.hackread.com/the-telegraph-exposed-10tb-of-data/