Le Figaro, the oldest national daily in France, is the latest victim of a data leak that exposed 7.4 billion records that contain readers’ personal information, security researchers at Safety Detectives revealed. The researchers stated they found an 8TB Elasticsearch database, hosted by Dedibox, exposed online without password protection.
The database contained API logs that hold records of new subscribers and previously subscribed users. The exposed users’ personal data included full names, emails, home addresses, IP addresses, server access tokens, countries of residence, postal codes, and passwords for new users both in cleartext and hashed with the unreliable MD5 algorithm. In addition, researchers found that around 42,000 new users who registered on Le Figaro between February and April 2020 were also exposed in the data breach.
“The exact number of people exposed is uncertain due to the structure of the data. It would have required more time to investigate the database and calculate precisely how many individual users were recorded across each type of data entry. Due to the sensitivity of the leak, we decided it was better to contact Le Figaro quickly rather than spend more time investigating,” the researchers stated.
Apart from the API logs containing PII data, Safety Detectives said, “The compromised database also contained numerous technical logs exposing more of Le Figaro’s backend servers and possibly additional, potentially sensitive data that could be valuable for attackers hoping to compromise the company’s data infrastructure, including SQL query errors, traffic between different servers, communication protocols, and potential access to admin accounts.”
Risks from Data Breaches
The researchers warned that attackers might take advantage of the sensitive information exposed in the database leak. Hackers could exploit the data for identity theft, credential phishing and spear-phishing attacks against Le Figaro’s users, journalists, and employees, and for attacks on Le Figaro’s network and backend servers, the researchers concluded.
Recurring Elasticsearch Server Leaks
Elasticsearch servers have continued to leak protected personal information of millions of people and organizations. The most recent server breach occurred when Peekaboo’s app developer, Bithouse, left an Elasticsearch database open; it contained more than 70 million log files comprising nearly 100 GB of data stored from March 2019. The exposed data included detailed device data, links to photos and videos, and around 800,000 email addresses.
There has always been a security concern about Elasticsearch servers. Security experts stressed that breaches occur due to a lack of built-in protections, when there are no password protections or firewalls. Elasticsearch itself has provided some recommendations on how to secure its servers, which include secure authenticated sign-in, proper encryption, layered security, and audit logging.
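The four recommendations above map onto settings in a node's `elasticsearch.yml`. The following check is an added example, not code from Safety Detectives, Le Figaro or Elastic; it assumes the file uses flat dotted keys, requires each setting to be stated explicitly, and runs on two constructed sample configurations.

```python
# Added example: audit a flat-key elasticsearch.yml (assumed layout, no nested YAML).
REQUIRED_TRUE = {
    "xpack.security.enabled": "authenticated sign-in",
    "xpack.security.http.ssl.enabled": "encryption (HTTP/REST layer)",
    "xpack.security.transport.ssl.enabled": "encryption (node-to-node)",
    "xpack.security.audit.enabled": "audit logging",
}
PUBLIC_BINDS = {"0.0.0.0", "::", "_global_"}  # reachable beyond the local network

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines, skipping blanks and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_flat_yaml(text)
    findings = []
    for key, purpose in REQUIRED_TRUE.items():
        value = cfg.get(key)
        if value is None:
            findings.append(f"{key} not set explicitly ({purpose})")
        elif value.lower() != "true":
            findings.append(f"{key} is {value!r}, expected true ({purpose})")
    # Layered security: a node bound to every interface needs a firewall in front.
    for host in cfg.get("network.host", "").strip("[]").split(","):
        if host.strip().strip("\"'") in PUBLIC_BINDS:
            findings.append(f"network.host binds to {host.strip()}: restrict or firewall it")
    return findings

EXPOSED = """\
# constructed sample: an open node of the kind the article describes
network.host: 0.0.0.0
xpack.security.enabled: false
"""
HARDENED = """\
network.host: _site_
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
"""
if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED), sep="\n")
```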