Skip to main content

Exactis Leak Shows Importance of Securing Elasticsearch Data

Computer Researchers

This week, US-based marketing firm Exactis made headlines for the possible data leak of over 340 million personal records. Think about that for a second: 340 million. That’s more records than the official population in the United States of America (as of 2017).

While the raw number is huge, there is a bit of uncertainty about how many people are named in the leaked dataset. We can be sure that details like phone numbers, mailing addresses, email addresses, age, gender, marital status, and number of children were exposed. I guess if there is one silver lining here, there’s no indication that the dataset includes credit card or Social Security numbers. I guess only time will tell, but I’m pretty certain the firm has learned its lesson, albeit a little late!

Cause of the Leak

How exactly did this leak occur? Allegedly, a security researcher exposed a server, which was easily accessible from the open-internet—it wasn’t locked down by using a traditional firewall. By running basic commands, he was able to query these records in seconds. Can you imagine how he must have felt, seeing the details of millions of other citizens just scrolling by on his screen? Pretty chilling. This security researcher contacted both the firm and the FBI and made them aware of his findings. Remember when I said the firm has learned its lesson? Well, they sure did because they corrected the issue as quickly as possible.

Digging into the details of this, it seems that the ‘database’ that contained all this information was Elasticsearch. For those of you who are familiar with Nuix technology, you know that we provide an ability to index data to Elasticsearch for various reasons, including:

  • Fast, incisive search against large volumes of data
  • High scalability and broad distribution
  • Performing real-time searches

Elasticsearch is the kind of technology that is perfect if you’re dealing with tens or hundreds of terabytes to petabytes of data. Whether you are using it for day-to-day eDiscovery, dealing with investigations or insider threats, or for creating a massive data lake from hundreds of different sources, Elasticsearch has the flexibility to scale as needed.

Securing Elasticsearch

As in most cases, the technology itself was not to blame. In this scenario, Elastic (the company that offers Elasticsearch) offers its users the ability to enrich their Elasticsearch experience using an add-on called X-Pack. X-Pack provides a wide-breadth of features including alerting, monitoring, reporting, machine learning and, finally, security.

Yes – ‘Security’ is the name of the feature that Elastic previously called ‘Shield’. Security provides many aspects to safeguard the data stored in Elasticsearch, including:

  • Authentication,
  • Authorization,
  • Encryption,
  • Layered security, and
  • Audit logging.

X-Pack comes in several forms: Free, Gold, Premium, and Enterprise. Each successive version builds on the previous tier. If you are currently using Elasticsearch in any capacity, I strongly suggest you closely review X-Pack’s features.

The moral of the story here is that if you’ve currently deployed Elasticsearch with Nuix, or you are planning on deploying Elasticsearch in the near-future, be mindful that you need to protect the data. It’s a good idea to air-gap your Elasticsearch nodes.

Configuring X-Pack is not complicated—the benefits far outweigh the potential disastrous consequences. Of course, you’ll still want to make sure that other aspects of your network are tightly controlled. Always remember the five pillars of security: Confidentiality, integrity, availability, non-repudiation, and authentication. Finally, be sure to use the lesson Exactis learned to prevent your own security disaster.

Photo by Hack Capital on Unsplash