Friday, January 22, 04:23

49 million unique emails were exposed due to the misuse of credentials

An Israeli marketing company exposed 49 million unique emails after mishandling the authentication credentials for an Elasticsearch database, which were left on an unprotected web server.

In a vague update this week, Straffic, a private digital marketing company, said the incident was the result of a "security vulnerability" affecting one of its servers.

But that is not the whole story, and this event shows that huge databases are still at risk even when access to them requires authentication.

Unexpected vulnerability

Straffic is described as "a private network for affiliates with CPA [cost per action] & CPL [cost per lead] by trusted advertisers".

In a short message on Wednesday, the company announced that "a security vulnerability was found on one of the servers we use to provide our services."

The incident involved an Elasticsearch database with 140GB of contact information consisting of names, phone numbers, and postal addresses. While it was password-protected, it seems that the credentials were not stored correctly.

A security researcher known as 0m3n on Twitter found them in plain text on the web server. 0m3n, a DevOps engineer with an emphasis on security, decided to check the web server after receiving a link in a spam message.

Troy Hunt said that 70% of the emails in the Straffic database already existed on Have I Been Pwned, the data breach notification site he created. This means that many of these emails "did not come from previous breaches", he says in response to Under the Breach on Twitter.

Straffic says all of its systems are secure at the moment and that it found no evidence of data being copied or misused.

Indeed, security incidents can occur even when the best precautions have been taken, and they are more likely to occur when database credentials circulate online, especially when they are in plain text.

Hunt, who is very familiar with data breach notifications, points out that Straffic's announcement lacks the basic information that such an announcement should contain. No details are given on the date of the event (or at least an estimate), what caused it, how it happened, or whether the parties involved were informed.

