3 April 2020

Someone’s wiped out over 15,000 unprotected Elasticsearch servers


Over the past two weeks, a hacker has been breaching Elasticsearch servers left exposed on the internet without password protection and attempting to delete their content, while trying to pin the blame on a cyber-security firm, ZDNet reports.

The attacks started around March 24 and appear to be carried out by an automated script that searches the internet for unprotected Elasticsearch servers, connects to the databases, attempts to wipe their content, and then creates a new empty index called nightlionsecurity.com.

Vinny Troia, the owner of Night Lion Security, has denied his company’s involvement in the attacks, saying he believes the campaign has been conducted by the hacker he has been tracking for the past few years.

According to BinarySearch, in the past few days the number of compromised Elasticsearch servers where the nightlionsecurity.com index is now present has risen to more than 15,000. For comparison, BinaryEdge lists a total of 34,500 Elasticsearch servers that are directly exposed on the public internet.

Troia said he notified law enforcement about the attacks. The Elastic security team has also been informed about the issue and is now looking into the matter.
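For operators who want to check their own clusters against the behaviour described above, here is an added example (not from ZDNet, Elastic or the original article). It probes a cluster you operate without credentials through the standard `_cat/indices?format=json` endpoint and reports whether anonymous access works, whether the nightlionsecurity.com index is present, and which indices still hold documents. The function names and sample rows are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

MARKER_INDEX = "nightlionsecurity.com"  # index name reported in the article


def fetch_indices(base_url, timeout=5):
    """Request _cat/indices WITHOUT credentials from a cluster you operate.

    Returns (http_status, rows); rows is [] when the request is rejected.
    """
    url = base_url.rstrip("/") + "/_cat/indices?format=json"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, []


def assess(http_status, rows):
    """Turn the result of an unauthenticated probe into a list of findings."""
    if http_status in (401, 403):
        return []  # anonymous access refused: not exposed in the way described
    if http_status != 200:
        return [f"unexpected HTTP {http_status}; check manually"]
    findings = ["anonymous read of the index list succeeded (no password protection)"]
    if any(row.get("index") == MARKER_INDEX for row in rows):
        findings.append(f"marker index '{MARKER_INDEX}' is present")
        # The script only *attempts* a wipe, so list what survived.
        survivors = sorted(
            row["index"] for row in rows
            if row.get("index") != MARKER_INDEX
            and int(row.get("docs.count") or 0) > 0  # closed indices report null
        )
        if survivors:
            findings.append("indices still holding documents: " + ", ".join(survivors))
        else:
            findings.append("no other index holds documents")
    return findings


# Constructed sample rows in the shape _cat/indices?format=json returns.
SAMPLE_HIT = [{"index": "nightlionsecurity.com", "docs.count": "0"},
              {"index": "customers", "docs.count": "1200"}]
SAMPLE_WIPED = [{"index": "nightlionsecurity.com", "docs.count": "0"}]

if __name__ == "__main__":
    for line in assess(200, SAMPLE_HIT):
        print(line)
```

To run it against a live cluster you operate, pass the result of `fetch_indices("http://<your-host>:9200")` to `assess`.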
