Shanghai Jiao Tong University exposed 8.4 TB of email data
An exposed database belonging to Shanghai Jiao Tong University exposed 8.4TB in email metadata after failing to implement basic authentication demands.
The exposed server was discovered on May 22, 2019, by Cloudflare Director of Trust & Safety Justin Paine.
As described on the Rainbowtabl.es security blog, Paine found the ElasticSearch database through a Shodan search.
The open database contained 9.5 billion rows of data and was active at the time of discovery, given that its size increased from 7TB on May 23 to 8.4TB only a day later.
The database belongs to Shanghai Jiao Tong University, a large academic institution based in China. The university caters for over 41,000 students in undergraduate to Ph.d. capacities.
The information contained in the database was packaged up through Zimbra, a popular open-source email solution used by over 200,000 businesses worldwide.
It appears that the bulk email cache related to email being sent “by a specific person,” according to the researcher, and also included the IP addresses and user agents of those checking their email.
Email threads between specific users could be seen, but it is worth noting that only the metadata was involved, and neither subject lines or email body content was exposed.
A day after the discovery, Shanghai Jiao Tong University was notified of the open server. To the institution’s credit, the leak was plugged within 24 hours.
“While searching Shodan, I recently discovered an ElasticSearch database without any authentication,” Paine said. “This database contained metadata related to a huge amount of emails. I would like to thank the university’s security team for their prompt action to secure this data once notified. As far as I am aware they have not notified the impacted students though.”
Shodan is becoming a common factor in researchers discovering open, unsecured databases and servers. Earlier this month, researchers from vpnMentor found an open database which exposed 85.4GB in security audit logs belonging to major hotel chains and independent resorts via a property management company.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise