- Joined
- Jun 28, 2020
- Messages
- 6,507
- Reaction score
- 713
- Points
- 212
- Awards
- 2
The Elasticsearch server was in the public domain on the web from 10 to 16 September.
Security researcher Ata Hakcil of WizCase discovered an unsecured Microsoft-owned Elasticsearch server that contained over 6.5 TB of log files with 13 billion entries retrieved from the Bing Mobile search engine.
According to Haxil, the server was publicly available on the Web from September 10 to 16. Between September 10 and 12, the server was subjected to a meow attack, as a result of which almost the entire database was deleted. When the expert discovered the server on September 12, about 100 million records had been stolen since the attack. On September 14, hackers carried out a second meow attack on the server.
“We have fixed a misconfiguration that exposed a small amount of search query data. After analysis, we determined that the disclosed data was limited and not identified, ”a Microsoft representative confirmed the data breach.
The leak did not affect the personal data of users. However, the server revealed technical details such as search queries, information about users' systems (information about devices, OS, browsers, etc.), geodata, as well as various tokens, password hashes and coupon codes.
The technician reported his findings to the Microsoft Security Response Center (MSRC) and the server was again password protected.
The essence of meow attacks is that hackers replace all indexes in public Elasticserch and MongoDB databases with a random character set with the word meow at the end. For example, one of the victims of the so-called meow attacks was the Elasticsearch database owned by the Hong Kong VPN provider UFO VPN.
Security researcher Ata Hakcil of WizCase discovered an unsecured Microsoft-owned Elasticsearch server that contained over 6.5 TB of log files with 13 billion entries retrieved from the Bing Mobile search engine.
According to Haxil, the server was publicly available on the Web from September 10 to 16. Between September 10 and 12, the server was subjected to a meow attack, as a result of which almost the entire database was deleted. When the expert discovered the server on September 12, about 100 million records had been stolen since the attack. On September 14, hackers carried out a second meow attack on the server.
“We have fixed a misconfiguration that exposed a small amount of search query data. After analysis, we determined that the disclosed data was limited and not identified, ”a Microsoft representative confirmed the data breach.
The leak did not affect the personal data of users. However, the server revealed technical details such as search queries, information about users' systems (information about devices, OS, browsers, etc.), geodata, as well as various tokens, password hashes and coupon codes.
The technician reported his findings to the Microsoft Security Response Center (MSRC) and the server was again password protected.
The essence of meow attacks is that hackers replace all indexes in public Elasticserch and MongoDB databases with a random character set with the word meow at the end. For example, one of the victims of the so-called meow attacks was the Elasticsearch database owned by the Hong Kong VPN provider UFO VPN.
