Cyber Security Attacks & Breaches Elasticsearch Data Breach - Genealogy Software Maker Exposes Data...

Elasticsearch Data Breach – Genealogy Software Maker Exposes Data on 60,000 Users

-

A US tech company that manages popular family tree software has exposed tens of thousands of its users’ personal information online via a misconfigured cloud server, according to researchers.

A team from WizCase led by Avishai Efrat discovered the unsecured Elasticsearch server leaking 25GB of data linked to users of the Family Tree Maker software.

First released in 1989, it has had numerous corporate owners, including Broderbund, The Learning Company, Mattel and Ancestry.com, prior to Software MacKiev which is currently in charge of the code.

WizCase informed the US software company of the incident and, although it didn’t receive a reply, the incident was apparently remediated shortly after.

Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details.

WizCase warned that a hacker could have used the information to craft convincing follow-on phishing attacks and identity fraud.

It also claimed the leaked comments and complaints could have given MacKiev’s competitors an opportunity to target unhappy customers, while technical details could be utilized in a different way.

“The leak exposed technical details about the system’s backend, which could help attackers leverage multiple cyber-attacks on Software MacKiev and its associated companies,” it was claimed.

“That way cyber-criminals can steal additional user data, infect the system with malware or even take complete control over parts of the systems.”

MacKiev is said to have developed the macOS version of Family Tree Maker since around 2010, and bought the Windows version of the software from Ancestry in 2016.

Some 60,000 users are thought to have been exposed in this privacy snafu.

It’s one of many such incidents resulting from configuration errors on internet-connected computing resources. Last week, WizCase disclosed similar issues in multiple e-learning platforms exposing nearly one million records.

Research from earlier this month found the same misconfigurations put the security and privacy of countless users of global dating apps at risk.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you