

Comparitech researchers published a detailed report about an Elasticsearch database leak that could be used by threat actors for targeted spam and malicious campaigns.

The unprotected marketing database leaked private details of around 35 million residents of Chicago, San Diego, and Los Angeles. So far, the owner of the database has not been identified.

Bob Diachenko, head of Comparitech’s cybersecurity research team, discovered the database on June 26th, 2021. He suspects that it was intended for marketing purposes and that the company in question stored it on a misconfigured server. Diachenko contacted Amazon Web Services, which hosted the database’s server, and requested that it be taken down.

What Data Was Exposed?

The database included names, contact information, home addresses, ethnicities, estimated income, as well as demographic information ranging from hobbies and interests to shopping habits, property information, affiliation, and media consumption.

Each person’s record contained 268 fields of information.


Unfortunately, since the database could be accessed by anyone with an Internet connection, the information could now be used for scam campaigns and phishing attacks. At the same time, the privacy of millions of people is threatened as a result.

No financial information or passwords were in the database.

Each record in the database also contains an eight- or nine-digit ID number. At first glance, some of these appear to be Social Security Numbers, but after further investigation we no longer believe that to be the case.


Amazon Web Services Took Down the Database

The data remained accessible until July 27th, 2021, when Amazon Web Services took it down to prevent it from landing in the wrong hands.

Nevertheless, it remained exposed for a whole month, which was more than enough time for cybercriminals to exfiltrate the information. The data was collected between 2010 and May 2021 and contained many recent records.


The researchers revealed that a significant portion of the Elasticsearch records includes a “source domain” field listing website domains that hint at where the information came from. Most of these websites were dodgy: rent-to-own homes, cruise giveaways, money advances, cash sweepstakes, etc. It therefore seems plausible that this is a spam or scam marketing database.

Chicago, Los Angeles, and San Diego residents should be on the lookout for scams and phishing schemes. They are strongly advised not to click links in suspicious emails and to always verify the sender’s identity before providing any personal or financial information.

In a world dominated by information theft and countless malicious operators, data leakage prevention is crucial to staying one step ahead of attackers, so make sure you implement this type of approach.

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR


Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.
