An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016. A database holding more than 20 million Russian tax records was found unprotected, leaving personal tax data accessible to anyone with a web browser, researchers reported this week. The AWS Elasticsearch cluster contained data on Russian citizens spanning 2009 to 2016, according to Comparitech, which partnered with security researcher Bob Diachenko to investigate the leak. No password or any authentication was needed to access the cluster, which has now been taken offline. Researchers cannot confirm whether data was taken.
Source: Dark Reading