Data Security, Patch/Configuration Management

Unsecured Elasticsearch cluster exposes over 3M vehicle records

Automotive Digital Key

More than 3.3 million vehicle records with registration information have been exposed by a misconfigured Elasticsearch cluster believed to be owned by a Lebanese government agency due to the presence of Lebanon-based information, Cybernews reports.

Aside from containing vehicle owners' names, birthdates, and phone numbers, such an Elasticsearch cluster also featured vehicle production dates, chassis and engine numbers, and other records with a "special needs" designation, according to Cybernews researchers. "Information in the dataset and the way the data suggests a well-maintained vehicle registration system capable of tracking extensive data," said researchers, who also discovered information that possibly reflected Lebanon's multilingual nature and administrative regions. However, continued uncertainty regarding the ownership of the dataset reduces the odds of impacted individuals being notified of such an exposure. Such a development comes weeks after the discovery of a misconfigured Elasticsearch server that leaked data from 762,000 Chinese car owners and their vehicles.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds