Cybernews reports that information from 762 car owners in China has been exposed by a misconfigured Elasticsearch server hosted on a U.S.-based IP address for at least two days before being discovered last month.
Individuals' full names, birthdates, phone numbers, ID numbers, email addresses, home addresses, vehicle identification numbers, car brands and models, engine numbers, and vehicle colors were leaked by the unsecured Elasticsearch instance, the ownership of which remains uncertain, according to Cybernews researchers. Such a compromise, which comes after vehicle details were reported by Cisco Talos researchers to be potentially leveraged in hacking user systems, was noted by researchers to potentially pose financial fraud, identity theft, and physical security risks to individuals whose data had been exposed. "This incident highlights the ongoing risks associated with the improper handling and securing of large datasets, particularly those containing sensitive PII. It underscores the need for stringent data protection measures and the importance of accountability in data management," said researchers.
