Over three million records, containing detailed information about vehicles and their owners, have been left open online. The weirdest part? There‘s no clear owner of the exposed dataset.
The Cybernews research team has discovered that an unprotected Elasticsearch cluster exposed over 3.3 million records with vehicle registration data. While the exposed instance is untraceable, the team believes it could belong to a Lebanese government agency, as the exposed records come from Lebanon.
The exposed information displays numerous aspects of vehicle ownership in the West Asian nation, revealing a blend of detailed personal and technical vehicle information. According to the team, the records in the dataset exposed:
- Vehicle production dates
- Chassis and engine numbers
- Owners’ names
- Dates of birth
- Phone numbers
“Information in the dataset and the way the data suggests a well-maintained vehicle registration system capable of tracking extensive data,” the researchers said.
The team surmised that the dataset reflects Lebanon's multilingual elements and familial references, which point to norms that allow vehicle owners to be identified via family connections. Moreover, the dataset is organized to reflect Lebanese administrative regions, which allows dataset owners to familiarize themselves with vehicle distribution across different regions of the country.
“Certain records are designated for "special needs," indicating tailored information that could assist in specific policy-making or service provision,” the team said.
The researchers believe anyone with access to this type of information could use it to comprehensively track Lebanese vehicle administration and analyze vehicle usage patterns, ownership trends, and demographic correlations.
Earlier this month, researchers discovered another dataset with information about vehicles and their owners. Specifically, a highly sensitive database with details on 762,000 China-based car owners and their vehicles.
While the Lebanese dataset likely belongs to a government agency, the unknown nature of its ownership could mean the owners are malicious actors upholding the information for nefarious purposes. Either way, it’s highly unlikely that individuals whose details were exposed will ever be notified about the leak.
Your email address will not be published. Required fields are markedmarked