The UK media outlet The Telegraph has leaked 10 TB of subscriber data after failing to properly secure one of its databases.
The popular researcher Bob Diachenko discovered an unprotected 10 TB database belonging to the UK newspaper The Telegraph. The unsecured database was discovered on September 14, 2021, it included internal logs and subscriber information.
The data was stored on an exposed Elasticsearch cluster, most of the data were encrypted, but personal details of at least 1,200 Telegraph subscribers and registrants were in clear test along with a a huge trove of internal server logs.
Subscriber data exposed includes full names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. The database also included some Apple news subscribers or registrants’ passwords.
Diachenko notified The Telegraph the day it discovered the unsecured database, two days later, on September 16, 2021, after not receiving a response he shared the news via Twitter.
The newspaper’s security team secured the data the same day.
#telegraph #UK #dataleak #yokdata #blog #BeCyberSmart