Unsecured server leaks details of 32 million Sky Brazil subscribers

The TV subscription company hadn't implemented a password on its ElasticSearch server

Thirty-two million Sky Brasil customers have been the subject of a data breach caused by an unsecured ElasticSearch server.

The subscription TV provider left one of its servers without a password, meaning the information was indexed by search engine Shodan and exposed on the internet.

The leak was uncovered by Fabio Castro, a Brazilian security researcher, ZDNet reported.

Castro explained he wasn't sure how long the server had been left open but it had been indexed since mid-October.


He uncovered the ElasticSearch server's data before identifying who it belonged to, using two IP addresses. After examining the data, he discovered it was one of Sky Brasil's servers.

The data stored on the device was API information and included 28.7GB of log files and 429.1GB of API data, with the details of both personal and business customers.

Data included names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords.

Castro said that after he told Sky Brasil about the leak, the server was secured with a password. Although the data is still indexed, no one can view it.

ElasticSearch servers have been flagged by security researchers as a vulnerable storage option for the last year, following a number of data leaks and breaches.

In the last few months, FitMetrix and an unidentified data analytics firm have both been involved in data leaks because of unsecured servers. On both occasions, the administrators failed to add password protection to their devices so anyone could access and take the data residing on them.

However, Elastic, the company behind ElasticSearch, said its servers are only designed for use in internal networks, which is why password protection isn't a requirement during setup.
