Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make their theft very likely, an independent security researcher discovered. Fábio Castro found that the data cache could be reached by anyone that knew where to look on the internet.
Personal info ready for the picking
Using the advanced features of the Shodan search engine, he was able to discover multiple servers in Brazil running Elasticsearch that made information available without authentication.
A cluster of servers called “digital-logs-prd” attracted the researcher’s attention and with a simple command, he listed the indices available, one of them 429.1GB in size.
Falanx Group Ltd (LON:FLX), through its subsidiaries, provides cyber defence and intelligence services to blue chip and government clients worldwide. It operates through Falanx Cyber Defence and Falanx Intelligence divisions.