- Alinto left Elasticsearch cluster exposed online
- 40 million SMTP records leaked, including 4.5 million unique emails
- Data from major corporations and French government agencies at risk
A French email solutions provider kept an Elasticsearch cluster open on the internet, leaking email addresses and location details on millions of people, as well as large corporations and government entities, experts have warned.
The cluster contained 40 million Simple Mail Transfer Protocol (SMTP) records that were available to anyone with an internet connection, a browser, and knowledge of where to look. The server also apparently hosted an SMTP server under Cleanmail.eu, which is Alinto's email security relay solution.
Security researchers from Cybernews discovered the open database and notified the owners, who subsequently locked it down.
Risk potential
In its research report, the Cybernews team said it found an Elasticsearch cluster belonging to Alinto, a French company that offers “solutions to keep email communication up and running, protect email infrastructure from cyber-attacks, and ensure the deliverability of high-volume transactional emails.”
The records contained the following information:
- Sender email address
- Recipient email address
- Location details
- Relay IP addresses
Among the affected companies were L’Oreal, Renault, and DHL, as well as “numerous French government agencies”, including government branches, municipalities, and French embassies worldwide, with at least 14,000 unique government email addresses leaked.
While leaked email addresses may not seem like much damage, Cybernews explained why the leak is potentially dangerous:
“Having information about which addresses communicate between each other, and at what times reveals behavioural data, which can help with further attacks – impersonating a person you commonly communicate with, sending communications as expected when they are expected,” the Cybernews team explained.
“Moreover, this can also help build relationship maps which can be used to infer certain sensitive company information, such as launches of new products.”
Of the 40 million records, at least 4.5 million are unique email addresses, whose owners might see more spam going forward. It is unknown whether any threat actors discovered the database before the researchers.





