Unsecured server leaks details of 32 million Sky Brazil subscribers

The TV subscription company hadn't implemented a password on its ElasticSearch server

Thirty-two million Sky Brasil customers have been subject of a data breach caused by an unsecured ElasticSearch server.

The subscription TV provider left one of its servers without a password, meaning the information was indexed by search engine Shodan and exposed on the internet.

The leak was uncovered by Fabio Castro, a Brazilian security researcher, reported ZDNet

Castro explained he wasn't sure how long the server had been left open but it had been indexed since mid-October.

He uncovered the ElasticSearch server's data before identifying who it belonged to using two IP addresses. But after examining the data, he discovered it was one of Sky Brasil's servers.

The data stored on the device was API information and included 28.7GB of log files and 429.1GB of API data, with the details of both personal and business customers.

Data included names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords.

After telling Sky Brasil about the leak, Castro said the server has now been secured with a password. Although the data is still indexed, no one can view the data.

ElasticSearch servers have been flagged by security researchers as a vulnerable storage option for the last year, following a number of data leaks and breaches.

In the last few months, FitMetrix and an unidentified data analytics firm have both been involved in data leaks because of unsecured servers. On both occasions, the administrators failed to add password protection to their devices so anyone could access and take the data residing on them.

However, Elastic, the company behind ElasticSearch said their servers are only designed for use in internal networks, which is why password protection isn't a requirement during set up.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

What is Gaia-X? A guide to the EU’s unified cloud ecosystem
public cloud

What is Gaia-X? A guide to the EU’s unified cloud ecosystem

11 Feb 2021
Best NAS drives 2021
network attached storage (NAS)

Best NAS drives 2021

6 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
AWS’ new S3 Storage Lens gives an in-depth view of cloud storage
Amazon Web Services (AWS)

AWS’ new S3 Storage Lens gives an in-depth view of cloud storage

19 Nov 2020

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021