The team made the discovery during a routine investigation using open-source intelligence (OSINT) methods, coming across an Elasticsearch instance left open that contained more than a million passports – mostly of Russian nationality.
Weighing in at nearly 2GB, the data includes names, surnames, birth dates, telephone numbers, nationalities, email and residential addresses, and passport expiration dates, and could have been easily downloaded by any member of the public.
Cybernews reached out to Aeroflot and the database leak appears to have been plugged on April 25, although at the time of writing it has not responded to our inquiry.
“Extremely sensitive data was leaked that can be used to impersonate a person, even obtain credits from banks,” said a Cybernews spokesman. “What is more, the data leaked could also be used for market research, business intelligence purposes, or plainly sold to call-centres or scammers. Sometimes such data might be used to threaten people with a ransom.”
The leaked database instance was found to be hosted by Russian provider simplecloud.ru. The research team concluded that the dataset might belong to aeroflot.ru, due to the correlation between the carrier’s website passenger sign-up form and data uncovered by the leak including extra miles and subscription levels.
For full story see Cybernews