A popular south Asian delivery company exposed 400 million records containing customers’ personal information via a vulnerable cloud server, according to researchers.
A team from reviews site Safety Detectives found the bug during a simple IP address check on specific ports. It claimed the Elasticsearch server was left wide open with no password protection or encryption, meaning anyone with the server’s IP address could have accessed the database.
The team soon traced the leak back to Bykea, a Karachi-based vehicle-for-hire and delivery company that offers an extensive fleet of “motorbike taxis” which are bookable via smartphone app.
Bykea contacted
Infosecurity to clarify that the vulnerability was in one of the firm s backup logging nodes and that it was promptly patched before it could be exploited.
Seguridad informática: se filtran más de 400 GB de información pulzo.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from pulzo.com Daily Mail and Mail on Sunday newspapers.
READ MORE
Researchers did say that though that Socialarks database did include information that wasn t publicly available on user accounts. They said: Socialarks’ database contained scraped data including personal information, albeit user data was partially completed. However, according to our findings, Socialarks’ database stored personal data for Instagram and LinkedIn users such as private phone numbers and email addresses for users that did not divulge such information publicly on their accounts. How Socialarks could possibly have access to such data in the first place remains unknown.
Safety Detectives said they discovered the database vulnerability last month, and contacted Socialarks as soon as they confirmed the Hong-Kong based firm were the server owners. The server was secured on the same day.
11 January 2021, 8:29 pm EST By Over 400GB of 214 Million Social Media Users Have Been Exposed by Misconfiguration from Chinese Company SocialArks ( Screenshot From Pxhere Official Website )
Over 400GB of a mixed private and public profile data coming from 214 million Facebook, Instagram, LinkedIn, and Other social media users coming from all around the world has recently been exposed to the internet. This includes certain details for even social-media influencers and celebrities coming from the United States and other places.
Social media user data leaked
According to an article by ThreatPost, this leak now stems from a certain misconfigured ElasticSearch database that is owned by the Chinese social-media management company known as SocialArks, which was said to contain personally identifiable information or PII coming from Facebook, LinkedIn, I