A ghost database containing millions of records on Georgian citizens appeared in the cloud and then mysteriously vanished, APA reports citing Cybernews.
It was reported that the concerning leak potentially leaves sensitive personal data vulnerable to malicious actors.
Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews research team discovered an unprotected Elasticsearch index. Elasticsearch is a platform for data analytics and search in near real-time.
The instance was hosted on a server owned by a Germany-based cloud service provider. The data contained a wide range of sensitive personal details related to citizens of the Republic of Georgia.
One of the exposed indices included nearly five million individuals’ personal data records, and another contained over seven million phone records with associated personal information. For comparison, Georgia has a population of almost four million. The data may include duplicate entries and records on deceased people.
“The data appears to have been collected or aggregated from multiple sources, potentially including governmental or commercial data sets and number identification services,” Dyachenko said.
Part of the data appears to be linked to a leak from 2020, however, the data was seemingly combined with 7.2 million citizen phone numbers and identifiers, as well as 1.45 million car owner details.
No direct information identifies the entity responsible for managing the Elasticsearch index.
Shortly after the discovery, the server was taken offline, and public access to the exposed data was closed.
However, the potential dangers for millions of people remain.
Follow us on Telegram
t.me/apanewsaz
Follow us on Instagram
Follow us on TikTok
Follow us on Facebook
Follow us on X
