- UpGuard finds an unsecured Elasticsearch instance linked to Leakzone
- Millions of IP addresses were included, for example
- Leakzone is a well-known underground forum with a large number of users
In a moment of poetic irony, an underground “leaking and cracking” forum exposed the IP addresses of all its logged-in users, basically doxxing them to everyone: security researchers, rival criminals and, in particular, law enforcement.
UpGuard’s security researchers found an exposed Elasticsearch database that was available to anyone who knew where to look. Deeper analysis determined that the database belongs to Leakzone, an underground forum where cybercriminals advertise and share stolen archives, credentials and software.
It held more than 22 million records, which included IP addresses and the exact timestamps of when users logged in. The database was also very fresh: the stored documents were apparently being updated in real time, and each record also indicated whether the user may have logged in through an anonymization tool such as a proxy or VPN.
Exposed events – everywhere
It is impossible to say how long the archive had been open, or whether anyone discovered it before UpGuard did.
We also do not know how many people were exposed in the incident, but the forum allegedly has about 100,000 members. In any case, it has since been closed and is no longer accessible.
Researchers also could not determine why the database was exposed.
Generally, the cause is human error: admins simply forget to set a password, or otherwise encrypt the database. In fact, exposed databases are the leading cause of data leaks, in legitimate and illegal organizations alike.
For years, researchers have been warning that the cloud works on a shared responsibility model, something many IT teams are not aware of.
Some businesses believe that securing cloud infrastructure is the service provider’s job.
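The misconfiguration described above (an Elasticsearch node reachable from the network with no password set) can be caught by auditing the node's own `elasticsearch.yml`. The following is an added example, not code from UpGuard or the original article; it assumes the flat dotted-key form of the config file, and both sample configs are constructed.

```python
# Added example: audit a flat elasticsearch.yml for settings that leave the
# REST API reachable without authentication. Sample configs are constructed.

LOOPBACK = {"localhost", "127.0.0.1", "::1", "_local_"}

def parse_flat_yaml(text):
    """Parse 'key: value' lines (flat dotted keys only; nested YAML is not handled)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means no issue was detected."""
    cfg = parse_flat_yaml(text)
    findings = []
    # http.host overrides network.host for the REST API; unset means loopback.
    bind = cfg.get("http.host", cfg.get("network.host", "_local_"))
    remote = bind not in LOOPBACK
    security = cfg.get("xpack.security.enabled")
    if security == "false":
        findings.append("xpack.security.enabled is false: no authentication")
    elif security is None:
        findings.append("xpack.security.enabled not set: default depends on version")
    if remote and security != "true":
        findings.append(f"REST API bound to {bind} without enforced authentication")
    if remote and cfg.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("HTTP layer is not using TLS on a non-loopback bind")
    return findings

WEAK = """\
cluster.name: forum-logs        # constructed sample
network.host: 0.0.0.0
xpack.security.enabled: false
"""

HARDENED = """\
cluster.name: forum-logs        # constructed sample
network.host: 10.0.0.5
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```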
Via TechCrunch