Within a month, the US government plans to launch a program whose focus will be…
Potential data leakage affected individuals, businesses, and US government agencies.
According to information security experts, on September 13 of this year, they discovered an unprotected Elasticsearch database during a large-scale scan of open ports in a certain range of IP addresses.
“Open Elasticsearch database was discovered through vpnMentor’s web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within”, — notes Noam Rotem, head of the vpnMentor.
The repository contained 179 GB of information, which included critical personal information.
From the records could be learned:
In some cases, the database contained the time of arrival of the client at the hotel and his email address.
The storage hosted on Amazon Web Service (AWS) servers and, according to vpnMentor experts, belonged to AutoClerk. The database included data from hotel management services, in particular myHMS, CleanMeNext and SynXis, to which many travel agencies and hotels were connected. Experts noted that attackers could use this information for cyberattacks and real threats against hotel customers.
Read also: Cozy Bear hack group is still active and attacks European foreign ministries
The storage remained open until October 2, 2019 and was closed only after about it was reported to representatives of the US Department of Defense.
What is more uncommon, however, is that the US government and military figures have also been involved in this security incident.
It appears that one of the platforms connected to Autoclerk exposed in the breach is a contractor of the US government that deals with travel arrangements.
Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.
“The greatest risk posed by this leak is to the US government and military. Significant amounts of sensitive employee and military personnel data could now be in the public domain. This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…