On June 27, 2021, Cyble researchers acquired a misconfigured elastic database comprising 16.8M records of customs data. The compromised data includes business and customs-related information.
Upon further investigation, we found that this incident affects Argentina, Chile, Colombia, Costa Rica, Ecuador, England, India, Korea, Pakistan, Panama, Paraguay, Peru, Russia, Ukraine, Uruguay, USA, and Venezuela.
Figure 1 shows the exposed elastic database.

Figure 1: Exposed Elastic Database
Figure 2 shows the distribution of the exposed data in terms of the affected nations.

Figure 2: Distribution of Exposed data
The leaked data contains sensitive information such as:
- Importer Registration Date
- Importer Details including Name, Address, Phone Number, and Email ID.
- Product Description and Quantity
- HS Code of the product
- Unit Price
- Supplier Name and Address
Figures 3 and 4 show a sample of the leaked data.

Figure 3: Sample Leaked Data

Figure 4: Sample Leaked Data
The dataset includes headers like “importer” and “hs_code”. Harmonized System (HS) is an internationally standardized coding system used in the classification of traded products. The number of importers impacted by this leak is 117,843, and the total number of HS codes exposed is 38,625.
We have observed that the database appears to be a backup taken in 2020. The leaked information has the potential to reveal competitor strategy and pricing details. Apart from this, it can be further misused by cybercriminals to launch targeted phishing attacks on impacted importers and exporters.
Data leaks expose sensitive user data and critical infrastructure of enterprises and may even put confidential data in the wrong hands. Despite emphasis being laid on data security, cybercriminals are looking for newer ways to evade organizations’ defenses to gain unauthorized access to valuable data.
Our Recommendations
We also suggest you follow the essential best practices given below:
- Follow good risk management practices and carry out risk-assessment of different assets regularly.
- Undertake periodic auditing of third-party risks.
- Never share your personal information, including financial information, over the phone, email, or SMSes.
- Use strong passwords as well as implement multi-factor authentication.
- Make it a habit to keep a watch on your financial transactions, and if you notice any suspicious activity, contact your bank immediately.
- Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.
- Never open untrusted links and email attachments without verifying their authenticity.
About Cyble:
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.