16.8M Records Exposed Due to Misconfigured Elastic Database

 On June 27, 2021, Cyble researchers acquired a misconfigured elastic database comprising 16.8M records of customs data. The compromised data includes business and customs-related information. 

Upon further investigation, we found that this incident affects Argentina, Chile, Colombia, Costa Rica, Ecuador, England, India, Korea, Pakistan, Panama, Paraguay, Peru, Russia, Ukraine, Uruguay, USA, and Venezuela. 

Figure 1 shows the exposed elastic database. 

Exposed elastic databas

Figure 1: Exposed Elastic Database 

Figure 2 shows the distribution of the exposed data in terms of the affected nations. 

Distribution of Exposed data 

Figure 2: Distribution of Exposed data 

The leaked data contains sensitive information such as: 

  • Importer Registration Date 
  • Importer Details including Name, Address, Phone Number, and Email ID. 
  • Product Description and Quantity
  • HS Code of the product 
  • Unit Price 
  • Supplier Name and Address 

Figure 3 and 4 shows a sample of the leaked data. 

Sample Leaked Data

Figure 3: Sample Leaked Data 

Sample Leaked Data

Figure 4: Sample Leaked Data 

The dataset includes headers like ‘importer’ and ‘hs_code’. Harmonized System (HS) is an internationally standardized coding system used in the classification of traded products. The number of importers impacted by this leak is 117,843, and the total number of HS codes exposed is 38,625.  

We have observed that the database appears to be a backup taken in 2020. The leaked information has the potential to reveal competitor strategy and pricing details. Apart from this, it can be further misused by cybercriminals to launch targeted phishing attacks on impacted importers and exporters.  

Data leaks expose sensitive user data and critical infrastructure of enterprises and may even put confidential data in the wrong hands. Despite emphasis being laid on data security, cybercriminals are looking for newer ways to evade organizations’ defenses to gain unauthorized access to valuable data. 

Our Recommendations 

We also suggest you follow the essential best practices given below:  

  • Follow good risk management practices and carry out risk-assessment of different assets regularly.  
  • Undertake periodic auditing of third-party risks.  
  • Never share your personal information, including financial information, over the phone, email, or SMSes.     
  • Use strong passwords as well as implement multi-factor authentication.   
  • Make it a habit to keep a watch on your financial transactions, and if you notice any suspicious activity, contact your bank immediately.   
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.    
  • ​Never open untrusted links and email attachments without verifying their authenticity.  

About Cyble:   

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. 

Scroll to Top