An unprotected 4.7 GB Elasticsearch cluster found on a US-based Amazon AWS server exposed 257,287 sensitive legal documents that came with a “not designated for publication” label.
Security researcher Bob Diachenko who discovered the passwordless Elasticsearch server told internetnewsblog that he “analyzed 250-sampled extract, docs are compiled based on ‘type’ (which is ‘opinion’). Cases are from the 2002-2010 era, from all over the United States.”
The exposed database of legal documents was uncovered as part of a larger initiative designed to discover misconfigured NoSQL databases (i.e., MongoDB, CouchDB, Elasticsearch) and report the findings to the organizations responsible for securing them.
The organization behind the leak is not yet known
In the beginning, Diachenko thought that the unprotected Elasticsearch cluster was managed by Lex Machina but he did not get a response from them after his initial report:
“After initial investigation we assumed that data is managed by Lex Machina, an IP litigation research company and division of LexisNexis that develops legal analytics data and software, and sent them a security notification alert,” according to Diachenko. “No response was received and after almost two weeks database was secured and is now not reachable.”
Later on, the researcher pinned the unsecured database on India-based LexSphere, a company which “provides legal outsourcing services to a law firm called LexVisio.”
Despite all his attempts, though, Diachenko did not receive official confirmation from any of the companies he alerted to the data leak, and, in the end, he was not able to pinpoint the organization that failed to properly secure the almost 5 GB of sensitive legal documents, leaving them out in the open, accessible to anyone with an Internet connection and the knowledge needed to find them.
The security expert also stated that:
The public configuration allows the possibility of cybercriminals to manage the whole system with full administrative privileges. Once the malware is in place criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.
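As an added example (not from the article or from the researcher), here is a Python self-check an administrator can run against a cluster they operate, from outside the trusted network: if `_cat/indices` answers without credentials, the cluster has the same passwordless exposure described above. The base URL and the sample index listing are constructed for illustration.

```python
import json
import urllib.error
import urllib.request


def summarize_indices(cat_indices_json: str) -> dict:
    """Parse the body of GET /_cat/indices?format=json&bytes=b and total up
    what an anonymous caller could see: index names, document and byte counts.
    Closed indices report no docs.count, so missing values count as zero."""
    rows = json.loads(cat_indices_json)
    return {
        "indices": [r["index"] for r in rows],
        "docs": sum(int(r.get("docs.count") or 0) for r in rows),
        "bytes": sum(int(r.get("store.size") or 0) for r in rows),
    }


def probe(base_url: str, timeout: float = 5.0) -> dict:
    """Ask the cluster for its index listing with no credentials at all.
    'open' means the listing came back (the exposure this article describes),
    'auth_required' means the node rejected the anonymous request,
    'unreachable' means nothing answered on that address."""
    url = base_url.rstrip("/") + "/_cat/indices?format=json&bytes=b"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return {"status": "auth_required"}
        return {"status": "http_error", "code": err.code}
    except (urllib.error.URLError, OSError):
        return {"status": "unreachable"}
    result = summarize_indices(body)
    result["status"] = "open"
    return result


# Constructed sample listing, not captured from the server in the article;
# sizes are in bytes because the request asks for bytes=b.
SAMPLE_LISTING = json.dumps([
    {"index": "opinions", "health": "green", "docs.count": "257287", "store.size": "5046586573"},
    {"index": ".kibana", "health": "green", "docs.count": "1", "store.size": "4096"},
])

if __name__ == "__main__":
    print(summarize_indices(SAMPLE_LISTING))
    # Replace with the public address of your own node; 127.0.0.1:9 is a
    # placeholder that should simply report 'unreachable'.
    print(probe("http://127.0.0.1:9"))
```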
Diachenko has discovered a multitude of other publicly accessible databases and servers: just this month he unearthed an unprotected 140+ GB MongoDB database containing a huge collection of 808,539,939 email records, and in January another MongoDB database with over 200 million records holding resumes from Chinese job seekers.
He also found the personal information of more than 66 million individuals unprotected on the Internet during December and a further 11 million records during September, all of them also stored in misconfigured and publicly accessible passwordless MongoDB instances.