Unsecured server leaks details of 32 million Sky Brazil subscribers

The TV subscription company hadn't implemented a password on its ElasticSearch server

Thirty-two million Sky Brasil customers have been the subject of a data breach caused by an unsecured ElasticSearch server.

The subscription TV provider left one of its servers without a password, meaning the information was indexed by search engine Shodan and exposed on the internet.

The leak was uncovered by Fabio Castro, a Brazilian security researcher, ZDNet reported.

Castro explained he wasn't sure how long the server had been left open but it had been indexed since mid-October.

He uncovered the ElasticSearch server's data before identifying who it belonged to using two IP addresses. After examining the data, he discovered it was one of Sky Brasil's servers.

The data stored on the device was API information and included 28.7GB of log files and 429.1GB of API data, with the details of both personal and business customers.

Data included names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords.

Castro said that after he told Sky Brasil about the leak, the server was secured with a password. Although the data is still indexed, no one can view it.

ElasticSearch servers have been flagged by security researchers as a vulnerable storage option for the last year, following a number of data leaks and breaches.

In the last few months, FitMetrix and an unidentified data analytics firm have both been involved in data leaks because of unsecured servers. On both occasions, the administrators failed to add password protection to their devices so anyone could access and take the data residing on them.

However, Elastic, the company behind ElasticSearch, said its servers are only designed for use in internal networks, which is why password protection isn't a requirement during setup.
