Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make their theft very likely, an independent security researcher discovered. Fábio Castro found that the data cache could be reached by anyone that knew where to look on the internet. Using the Shodan search engine, he was able to discover multiple servers in Brazil running Elasticsearch that made information available without authentication.
A cluster of servers called “digital-logs-prd” attracted the researcher’s attention and with a simple command, he listed the indices available, one of them 429.1GB in size. The file included personally identifiable information of SKY Brasil customers, which featured full name, email address, service login password, client IP address, payment methods, phone number, and street address.
Read more about this massive data leak on BleepingComputer.