Unsecured Elasticsearch server breached in eight hours flat

Survival time on the internet has been a constant topic since at least the days of XP. Survival time in the Cloud might be a new variant:

[…] “Although we do our best to quickly alert whoever is responsible for exposures we find, the data often sits exposed and vulnerable for anywhere from a few hours up to a few weeks while we hunt down the owner and wait for a response,” said Diachenko. “Time is of the essence in these situations. We wanted to find out how fast data can be compromised if left unsecured. So we set up a honeypot.”

Diachenko and his team created a simulated database on an Elasticsearch instance and filled it up with fake user data. Then they left it completely exposed to see what would happen.

The database was set up on 11 May and was removed on 22 May. In that time, Diachenko reported, 175 unauthorised requests were made, averaging 18 a day. The first came on 12 May, just eight hours and 35 minutes after deployment.


Original article here