A cybersecurity researcher has discovered an exposed Elasticsearch database with millions of login credentials, Wired reported today.
Jeremiah Fowler found the system on May 6. Usually, Fowler told Wired, it’s possible to identify the operator of such a database by analyzing its contents. That wasn’t possible in this case. He believes that the database was most likely created by hackers to store information stolen using malware.
The exposed Elasticsearch environment contained 184 million records that took up 47 gigabytes of storage space. Those records included login credentials associated with millions of accounts.
Fowler analyzed the database by reviewing a sample of 10,000 records. He found the login credentials of more than 850 Google and Facebook users, as…