Independent security researcher Fabio Castro found data belonging to 32 million customers of SKY Brasil exposed online. “Using the advanced features of the Shodan search engine, he was able to discover multiple servers in Brazil running Elasticsearch that made information available without authentication,” reports BleepingComputer. “A cluster of servers called ‘digital-logs-prd’ attracted the researcher’s attention and with a simple command, he listed the indices available, one of them 429.1GB in size.” From the report: The file included personally identifiable information of SKY Brasil customers, which featured full name, email address, service login password, client IP address, payment methods, phone number, and street address. SKY Brasil is a telecommunications company that also offers television services, being the second largest provider of pay-TV services in the country, according to statistics from March. In a conversation with BleepingComputer, Castro said that he reported his findings to the company who fixed the problem by restricting access with a password, an operation that takes just a few minutes. Because the server has been exposed for a long time, the protective measure may have come too late. Castro told us that it is very possible that criminals have already grabbed the data.

Tags: