More than 3.3 million vehicle records with registration information have been exposed by a misconfigured Elasticsearch cluster believed to be owned by a Lebanese government agency due to the presence of Lebanon-based information, Cybernews reports.
Aside from containing vehicle owners' names, birthdates, and phone numbers, such an Elasticsearch cluster also featured vehicle production dates, chassis and engine numbers, and other records with a "special needs" designation, according to Cybernews researchers. "Information in the dataset and the way the data suggests a well-maintained vehicle registration system capable of tracking extensive data," said researchers, who also discovered information that possibly reflected Lebanon's multilingual nature and administrative regions. However, continued uncertainty regarding the ownership of the dataset reduces the odds of impacted individuals being notified of such an exposure. Such a development comes weeks after the discovery of a misconfigured Elasticsearch server that leaked data from 762,000 Chinese car owners and their vehicles.
