Chinese Uni Exposes 8TB+ of Email Metadata

A prestigious Chinese university leaked over 8TB of email metadata via an unsecured Elasticsearch database, a researcher has revealed.

Cloudflare director Justin Paine discovered the database, which had no authentication, on May 22 after a simple Shodan search.

In total, there were 9.5 billion rows, which equated to 8.4TB of metadata from the popular open source Zimbra email platform. Although the database didn’t contain the subject line or body text of emails, it revealed a significant amount of detail, according to Paine.

“Based on the metadata I was able to locate all email being sent or received by a specific person. This data also included the IP address and user agent of the person checking their email. As such, I could locate all the IPs used and device type of a specific person,” he explained.

“Using this metadata I could see the high level details of a specific email exchange such as which email address was sending or receiving an email from a different email address.”

The data in question came from Shanghai Jiao Tong University, described online as the “MIT of the East,” with over 41,000 students. The university acted promptly to secure the data once notified, Paine said.

He added that no students appeared to have had their data exposed in the leak.

The discovery is just the latest instance of a major privacy leak via an unprotected Elasticsearch database.

Back in November 2018, the personal information of nearly 82 million Americans was exposed online for at least two weeks after a similar find.

There was another spate of incidents in January this year, exposing millions more records belonging to banks, casinos and non-profits.

According to Elastic, the company behind Elasticsearch, these reports usually indicate that an individual or organization has “actively configured their installations to allow unauthorized and authenticated users to access their data over the internet.”
