https://www.theregister.com/2020/06/10/keepnet_data_breach_kerfuffle/
By Gareth Corfield
The Register
10 June 2020

Comment - UK-based infosec outfit Keepnet Labs left an 867GB database of
previously compromised website login details accessible to world+dog
earlier this year – then sent lawyers' letters to bloggers in a bid to
erase their reports of its blunder.

A contractor left the Keepnet Elasticsearch database unsecured back in
March after disabling a firewall, exposing around five billion harvested
records to the public internet, the firm admitted in a statement
yesterday.

The database was indexed by a search engine, and came to the attention of
noted infosec blogger Volodymyr "Bob" Diachenko, who wrote it all up.
Keepnet disputed Diachenko's initial characterisation of the breach, and
things spiralled from there.

As reported by news website Verdict, Keepnet was stung by Diachenko's
initial post about the gaffe, which Keepnet interpreted as the blogger
blaming the business for leaking its own customers' data – none of its own
clients' data was exposed, but rather info from previous publicly known
database exposures. Diachenko said the database contained email addresses,
hashed passwords, the sources of the information, and other details, all
gathered from previous leaks by hackers.

[...]