Data about 57 million people exposed by Elasticsearch servers

A data breach involving Elasticsearch search-engine technology exposed the personal information of nearly 57 million people for at least two weeks, according to report released Wednesday by the cybersecurity organization Hacken. The breach exposed 73 gigabytes of data as early as Nov. 14, Hacken said, including the names, employers, job titles, emails, addresses, phone numbers and IP addresses of 56,934,021 U.S. residents. There was a separate cache of data titled “Yellow Pages,” the report said, with 25 million records about businesses, including information such as names, company details, zip addresses, latitude/longitude, census tract, phone numbers, web addresses, emails, revenue numbers and more. Hacken said it was unclear where the leak originated, but the formatting of the data appeared to have similarities to fields used by Canadian data management company Data & Leads. The database is no longer exposing information to the public, Hacken said. Elasticsearch is an open-source tool intended to allow users to search data stored in private networks. The […]

The post Data about 57 million people exposed by Elasticsearch servers appeared first on Cyberscoop.

Continue reading Data about 57 million people exposed by Elasticsearch servers

Google shuts down Google+ for consumers due to bug found months ago

Google has decided to shut down consumer use of its Google+ social network after an internal privacy review discovered a flaw that exposed non-public profile data through its API, the company announced Monday. Discovered in March, Google found that a flaw in its Google+ People API exposed data including name, email address, occupation, gender and age. The company said it doesn’t have a concrete number on how many people were affected because the API log data is only kept for two weeks at a time. However, during a two-week testing period before the company closed the bug, profiles of up to 500,000 Google+ accounts were potentially affected, and up to 438 applications may have used the API, Google said. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” a Google blog post reads. Despite finding the bug in […]

The post Google shuts down Google+ for consumers due to bug found months ago appeared first on Cyberscoop.

Continue reading Google shuts down Google+ for consumers due to bug found months ago