16.8M Records Exposed Due to Misconfigured Elastic Database

 On June 27, 2021, Cyble researchers acquired a misconfigured elastic database comprising 16.8M records of customs data. The compromised data includes business and customs-related information. 

Upon further investigation, we found that this incident affects Argentina, Chile, Colombia, Costa Rica, Ecuador, England, India, Korea, Pakistan, Panama, Paraguay, Peru, Russia, Ukraine, Uruguay, USA, and Venezuela. 

Figure 1 shows the exposed elastic database. 

Figure 1: Exposed Elastic Database 

Figure 2 shows the distribution of the exposed data in terms of the affected nations. 

Figure 2: Distribution of Exposed data 

The leaked data contains sensitive information such as: 

  • Importer Registration Dateย 
  • Importer Details including Name, Address, Phone Number, and Email ID.ย 
  • Product Description and Quantity
  • HS Code of the productย 
  • Unit Priceย 
  • Supplier Name and Addressย 

Figure 3 and 4 shows a sample of the leaked data. 

Figure 3: Sample Leaked Data 

Figure 4: Sample Leaked Data 

The dataset includes headers like โ€˜importerโ€™ and โ€˜hs_codeโ€™.ย Harmonized Systemย (HS)ย is an internationally standardized codingย system used inย theย classification of tradedย products.ย Theย number ofย importers impactedย by this leakย is 117,843,ย and the totalย number ofย HSย codesย exposed isย 38,625.ย ย 

We have observed that the database appears to be a backup taken in 2020. The leaked information has the potential to reveal competitor strategy and pricing details. Apart from this, it can be further misused by cybercriminals to launch targeted phishing attacks on impacted importers and exporters.  

Data leaks expose sensitive user data and critical infrastructure of enterprises and may even put confidential data in the wrong hands. Despite emphasis being laid on data security, cybercriminals are looking for newer ways to evade organizations’ defenses to gain unauthorized access to valuable data. 

Our Recommendations 

Weโ€ฏalsoโ€ฏsuggestโ€ฏyou followโ€ฏtheย essentialโ€ฏbest practicesโ€ฏgiven below:โ€ฏโ€ฏ

  • Followโ€ฏgoodโ€ฏrisk managementโ€ฏpracticesโ€ฏandโ€ฏcarry outโ€ฏrisk-assessmentโ€ฏofโ€ฏdifferentโ€ฏassetsโ€ฏregularly.โ€ฏย 
  • Undertakeโ€ฏperiodicโ€ฏauditingโ€ฏofโ€ฏthird-party risks.โ€ฏย 
  • Never share your personal information, including financial information, over the phone, email, orโ€ฏSMSes.โ€ฏโ€ฏโ€ฏโ€ฏย 
  • Useย strongย passwords as well as implement multi-factor authentication.โ€ฏโ€ฏย 
  • Make it a habit to keep a watch on your financial transactions, and if you notice any suspicious activity, contact yourโ€ฏbank immediately.โ€ฏโ€ฏย 
  • Turn on the automatic software update feature on your computer,โ€ฏmobile, and other connected devices wherever possible and pragmatic.โ€ฏโ€ฏโ€ฏย 
  • โ€‹Never open untrusted links and email attachments without verifying their authenticity.โ€ฏย 

About Cyble:   

โ€ฏCybleโ€ฏis a globalโ€ฏthreat intelligenceโ€ฏSaaSโ€ฏprovider that helps enterprises protect themselvesโ€ฏfrom cybercrimesโ€ฏandโ€ฏexposure in theโ€ฏdarkweb.โ€ฏCybleโ€™sย prime focusโ€ฏis to provide organizations with real-time visibility into their digital riskโ€ฏfootprint.โ€ฏBacked by Y Combinator as part of the 2021 winter cohort,โ€ฏCybleโ€ฏhasโ€ฏalsoโ€ฏbeen recognized by Forbes as one of the top 20 Best Cybersecurityโ€ฏStartupsโ€ฏToย Watch In 2020.โ€ฏHeadquartered inโ€ฏAlpharetta, Georgia,โ€ฏand withโ€ฏoffices inโ€ฏAustralia, Singapore, andโ€ฏIndia,โ€ฏCybleโ€ฏhas a global presence.โ€ฏTo learn more aboutโ€ฏCyble, visitโ€ฏwww.cyble.com.ย 

Scroll to Top