The exposed data was kept on an exposed Elasticsearch cluster.
It’s important to note that while much of the data was encrypted, personal information of at least 1,200 Telegraph subscribers and registrants, as well as a massive trove of internal server logs, were in plain sight.
Full names, email addresses, device information, URL queries, IP addresses, authentication tokens, and unique reader IDs are all examples of subscriber data that have been exposed. Some Apple news subscribers’ or registrants’ passwords were also included in the database.
Bob Diachenko is the researcher who found the unsecured dataset. He stated that at least 1,200 unencrypted contacts were exposed without a password.
Documents Have Been Revealed
Many of these incidents, in particular, involve Apple News subscriber registration information, including unencrypted passwords.
As reported by BleepingComputer, the newspaper was promptly notified and informed of the breach, but it took them two days to respond and protect the database.
The exposure of URL queries may pose a privacy concern because they may be used to reconstruct the users’