The Telegraph Exposed a 10TB Elasticsearch Database for Two Weeks

Bitdefender Total

A security researcher discovered that The Telegraph, one of the largest media conglomerates in the United Kingdom, inadvertently exposed a 10TB database containing information about its subscribers, among other things.

Unattended, unsecured databases are a big problem these days, as some companies and people don’t take precautions. Sometimes it’s just an administrator taking a shortcut and bypassing authentication, but it can also be an error.

According to a report, security researcher Bob Diachenko discovered a 10TB Elasticsearch database online on Sept. 14. While some parts of the database were encrypted, others were not, exposing data such as browsing history, first and last names of some subscribers, their emails and a bunch of metadata.

Diachenko notified the company running The Telegraph on the same day, but the database was likely online since Sept. 1. The Telegraph fixed the problem a couple of days later and said the data breach affected very few people.

“We became aware of this discovery on September 16 and took immediate action to secure the data,” said the company. “An investigation showed that only a small number of records were exposed – less than 0.1% of our users and we have contacted all the users to advise them.”

“The investigation also concluded that whilst the data was exposed it was not breached other than the discovery posted by the researcher,” the company added. “We are grateful for the work of independent researchers who responsibly disclose vulnerabilities and exposures and who are vital in our continued work to protect our assets.”

All the same, if you have a subscription to this newspaper, it would be wise to change the password as soon as possible. Also, be on the lookout for phishing schemes that might use the leak data.

With Bitdefender Digital Identity Protection you can take control and minimize your digital footprint by continuously monitoring for data breaches and social media impersonators that could ruin your reputation. Digital footprint monitoring only uses the information provided in the onboarding process (email address and phone number). The dedicated tool helps find your private information online in legal and illegal collections of data. Stay on top of new breaches and privacy threats with instant alert and monitoring to make more privacy and security-focused choices online.