The University of Chicago Medicine Exposed 'Perspective Givers' Database With More Than a Million Records

One of the top news items of recent times concerns Elasticsearch, a multitenant-capable, distributed, full-text search engine based on the Lucene library that is capable of indexing and searching all kinds of documents. It has been observed to suffer from misconfigurations and related data incidents, even after the company introduced free security packs for all its users. SecurityDiscovery.com reports registering at least 5-10 big cases every month, and that number does not seem to be going down.

On May 28th they discovered a publicly and openly available Elasticsearch instance whose data appeared to belong to The University of Chicago Medicine. This was reported to be a huge database containing data about 'leads' and 'perspective and existing givers' of the organization. They also reported that a 34GB cluster named 'data-ucmbsd2' appeared to have been indexed by Shodan and was available to anyone who knew where to look. The database was reported to contain 1,679,993 records of personal identity related data, including that of the alleged owner, which they used to notify the university. After the notification, the database was secured within 48 hours.

This proves how dangerous it is to have an exposed (passwordless) Elasticsearch or any other NoSQL database. Bob Diachenko of SecurityDiscovery.com added that he had already explained how the lack of authentication allowed the installation of ransomware or malware on ES servers, and that the public configuration would allow, or increase the possibility of, hackers managing the whole system with full root user privileges. Once any malware gets in place, the hackers can remotely access the server and its resources, or can even launch an RCE (Remote Code Execution) attack to steal or entirely destroy any data the server hosts.
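The defensive check that follows from this is to verify that your own cluster's HTTP port refuses anonymous requests. The script below is an added example, not code from the article or from SecurityDiscovery.com: it sends an unauthenticated GET to `/_cat/indices` and classifies the answer, and the embedded sample response is constructed (index names and document counts are made up, sized to mirror the article's record total).

```python
"""Check whether an Elasticsearch HTTP endpoint serves data to anonymous clients.

Added example for auditing clusters you operate; not from the original article.
"""
import json
import sys
import urllib.error
import urllib.request

# Constructed sample of what GET /_cat/indices?format=json returns on a cluster
# with no authentication; field names follow the _cat API, values are made up.
SAMPLE_OPEN_RESPONSE = json.dumps([
    {"health": "green", "status": "open", "index": "leads",
     "docs.count": "1200000", "store.size": "20gb"},
    {"health": "green", "status": "open", "index": "givers",
     "docs.count": "479993", "store.size": "14gb"},
])


def classify(status, body):
    """Turn an anonymous /_cat/indices response into (verdict, [(index, docs)])."""
    if status in (401, 403):
        return "auth-required", []          # security pack / proxy is enforcing auth
    if status != 200:
        return "unreachable-or-other", []
    try:
        indices = json.loads(body)
    except ValueError:
        return "unexpected-body", []        # 200 but not the _cat JSON we asked for
    # docs.count is a string in _cat JSON output; a missing value counts as zero.
    exposed = [(i.get("index", "?"), int(i.get("docs.count") or 0)) for i in indices]
    return "anonymous-read", exposed


def total_records(findings):
    """Sum the documents readable without credentials across all indices."""
    return sum(count for _, count in findings)


def probe(base_url, timeout=5.0):
    """GET /_cat/indices with no credentials and classify the live answer."""
    url = base_url.rstrip("/") + "/_cat/indices?format=json"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:   # 401/403 arrive as exceptions
        return classify(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # With a URL argument the script probes that host; otherwise it runs offline
    # on the constructed sample.
    verdict, found = probe(sys.argv[1]) if len(sys.argv) > 1 else classify(200, SAMPLE_OPEN_RESPONSE)
    print(verdict, total_records(found), "documents readable without authentication")
```

Any verdict other than `auth-required` on an internet-reachable node is the situation the article describes and should be treated as an incident, not a finding to schedule.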

He added that, having noticed this never-ending loop of such incidents, they at SecurityDiscovery.com have decided to host a live educational session to raise awareness of cyber security within any organization, to prevent such potential issues from happening. He said that it can be an online webinar of about an hour, with a Q&A session, or an offline meeting at your premises, and that any clarifications can be sought at alert(at)securitydiscovery.com or bob(at)securitydiscovery.com.