A forum known as Leak Zone, which shares breached databases and pirated software, exposed an Elasticsearch database containing over 22 million user records to the open web. Security researchers from UpGuard discovered the database was unprotected and accessible without a password. The records captured the IP addresses and login timestamps of users and were updated in real-time. Although not individually identifiable, the data could reveal users' locations if they did not use anonymization tools. Most records pertain to Leak Zone logins, with a small portion related to another site, AccountBot.
Security researchers found that Leak Zone, a forum for breached databases and pirated software, was leaking IP addresses and timestamps of logged-in users due to exposed database.
Leak Zone's exposed Elasticsearch database contained over 22 million records documenting user activity, including login times, which could help identify users who logged in without anonymization.
Approximately 95% of the recorded data in the exposed database pertains to user logins on Leak Zone, with the rest associated with AccountBot, a site for compromised accounts.
Researchers confirmed the database's exposure by creating an account and logging in to Leak Zone, instantly capturing the user's login details in the exposed records.
Collection
[
|
...
]