Data Security, Patch/Configuration Management

Misconfigured Elasticsearch database exposes 762K Chinese car owners

concept of leaky software, data with a tap sticking out.3d illustration

Cybernews reports that information from 762 car owners in China has been exposed by a misconfigured Elasticsearch server hosted on a U.S.-based IP address for at least two days before being discovered last month.

Individuals' full names, birthdates, phone numbers, ID numbers, email addresses, home addresses, vehicle identification numbers, car brands and models, engine numbers, and vehicle colors were leaked by the unsecured Elasticsearch instance, the ownership of which remains uncertain, according to Cybernews researchers. Such a compromise, which comes after vehicle details were reported by Cisco Talos researchers to be potentially leveraged in hacking user systems, was noted by researchers to potentially pose financial fraud, identity theft, and physical security risks to individuals whose data had been exposed. "This incident highlights the ongoing risks associated with the improper handling and securing of large datasets, particularly those containing sensitive PII. It underscores the need for stringent data protection measures and the importance of accountability in data management," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds