108M Records Exposed via Misconfigured ElasticSearch Server

Experts Comments (0)
ZDNet reported that a password-less ElasticSearch server belonging to a variety of online casinos has compromised the information on over 108 million bets, including customers’ payment card info, full names, home addresses, phone numbers, email addresses, birth dates, site usernames, account balances, IP addresses, browser and OS details, last login information and more. The payment card details indexed in the server were partially redacted however, meaning that they were not exposing each user’s full financial details. The leaky server was found last week and was just taken offline today and is not accessible anymore.