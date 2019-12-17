Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Data Leak Exposes One Million Web Browsing Records

Security researchers have uncovered a massive 890GB database containing over one million highly sensitive web browsing records leaked by a South African IT company.

The Elasticsearch database, which was left online without any password protection, belonged to Conor, which has a range of big-name ISP and telco clients in Africa and South America, according to vpnMentor.

The unencrypted data trove related to a web filtering product the South African firm produced for these clients. Effectively this meant it revealed user activity logs for the previous two months, including website URLs, IP address, index names, and MSISDN codes which identify mobile users on a specific network.

These details include highly sensitive web browsing activity such as attempts to visit pornography sites, social media accounts, online storage including iCloud and messaging apps such as WhatsApp.

“Because the database gave access to a complete record of each user’s activity in a session, our team was able to view every website they visited – or attempted to visit. We could also identify each user,” the vpnMentor team explained.

“For an ICT and software development company not to protect this data is incredibly negligent. Conor’s lapse in data security could create real-world problems for the people exposed.”

If hackers had access to the leaked browsing data, exposed customers could find themselves targeted for blackmail and extortion due to the sensitive nature of the sites they may have visited.

That’s not to mention the reputational impact on Conor itself, among its client base, and the ISPs to whom end users would probably turn their ire in the event of a serious breach.

This is just the latest in a long line of exposed Elasticsearch databases revealed by vpnMentor as part of a major web mapping project designed to improve cloud security.

Erring brands have included cosmetics giant Yves Rocher, Canadian telco Freedom Mobile, and Best Western Hotels.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

New Orleans Scrambles to Respond to Ransomware Attack

2
News

Over One Billion Email-Password Combos Leaked Online

3
News Feature

Top Ten: Things We Learned in 2019

4
News

Fake Payment Page Tricks Rooster Teeth Customers

5
News

Suspected Maze Ransomware Attack Disrupts Major US Wire Manufacturer

6
News

Airport Facial Recognition System Fooled

1
News

Emotet Spammers Send Christmas Phishing Emails

2
News

Data Leak Exposes One Million Web Browsing Records

3
News

One in 172 RSA Keys Vulnerable to Attack: Report

4
Opinion

Illuminate Dark Data and Avoid Severe Security Risks

5
Blog

Year in Review: Social Engineering Attacks

6
News

Orbitz and Expedia Agree to Data Breach Settlement with Pennsylvania

1
Webinar

2019 Cybersecurity Headlines in Review

2
Webinar

Authentication Standards in 2019: Why Passwords Remain Problematic, and Future Solutions

3
Webinar

Fact & Fiction in Advanced Threat Detection

4
Webinar

Make Privileged Access Admin Work and Block Lateral Movement by Attackers

5
Webinar

Zero Trust in Practice: Why Identity Drives Next-Gen Access

6
Webinar

Clearing the Path to Software-Defined Segmentation

1
Blog

Year in Review: Need for Better Security Effectiveness

2
Blog

Year in Review: DNS Security

3
Next-Gen

Driving Tech Education in Foreign Lands

4
Blog

Year in Review: Cybercrime

5
Interview

Five Continents, Five Voices: Charl van der Walt, Africa

6
Blog

Security by Sector: Nozomi Networks Teams with IBM to Secure Industrial Infrastructure