The data was exposed due to an unprotected Elasticsearch cluster and remained open to public access without any security authentication.
Well-known security researcher Bob Diachenko discovered a ‘Giant’ blunder made by UK media outlet The Telegraph after it exposed 10 terabytes of subscribers’ data.
According to Diachenko, the trove of records included subscriber information and server logs, while the data was exposed due to an unsecured Elasticsearch cluster, which remained unprotected throughout September, and was freely accessible without any authentication or password required to access it.
It is worth noting that The Telegraph is one of the UK’s largest online media and newspapers outlets. The database was discovered on 14 September 2021.
How did The Leak happen?
According to the researcher, while most of the data was encrypted, personal details of around 1,200 subscribers/registrants of the media outlet were in clear text format, and a massive collection of internal server logs was also unprotected.
Read the article