Got one or more Elasticsearch servers running? Time to check if they’re exposed…:
[…] Furthermore, while looking into this issue, Wethington also identified a second hacker who is also targeting Elasticsearch servers. This attacker is breaking into unsecured servers and leaving a message telling victims they’ve been hacked and urging them to reach out via email. Currently, only 40 servers have this message, suggesting the attack is small in scale.