Unsecured server leaks details of 32 million Sky Brazil subscribers

The TV subscription company hadn't implemented a password on its ElasticSearch server

Thirty-two million Sky Brasil customers have been subject of a data breach caused by an unsecured ElasticSearch server.

The subscription TV provider left one of its servers without a password, meaning the information was indexed by search engine Shodan and exposed on the internet.

The leak was uncovered by Fabio Castro, a Brazilian security researcher, reported ZDNet

Advertisement - Article continues below

Castro explained he wasn't sure how long the server had been left open but it had been indexed since mid-October.

He uncovered the ElasticSearch server's data before identifying who it belonged to using two IP addresses. But after examining the data, he discovered it was one of Sky Brasil's servers.

The data stored on the device was API information and included 28.7GB of log files and 429.1GB of API data, with the details of both personal and business customers.

Data included names, home addresses, phone numbers, birth dates, billing details, and encrypted passwords.

After telling Sky Brasil about the leak, Castro said the server has now been secured with a password. Although the data is still indexed, no one can view the data.

ElasticSearch servers have been flagged by security researchers as a vulnerable storage option for the last year, following a number of data leaks and breaches.

Advertisement
Advertisement - Article continues below

In the last few months, FitMetrix and an unidentified data analytics firm have both been involved in data leaks because of unsecured servers. On both occasions, the administrators failed to add password protection to their devices so anyone could access and take the data residing on them.

However, Elastic, the company behind ElasticSearch said their servers are only designed for use in internal networks, which is why password protection isn't a requirement during set up.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Fivetran is now worth $1.2 billion thanks to new funding
big data

Fivetran is now worth $1.2 billion thanks to new funding

30 Jun 2020
Best NAS drives 2020
network attached storage (NAS)

Best NAS drives 2020

19 Feb 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020