A leaking database thought to belong to the Russian airline Aeroflot left the details of more than a million people accessible to the public, putting them in danger of cybercrime, the Cybernews research team has discovered.
The team made the discovery during a routine investigation using open-source intelligence (OSINT) methods, coming across an Elasticsearch instance left open that contained more than a million passports – mostly of Russian nationality.
Weighing in at nearly 2GB, the data included names, surnames, birth dates, telephone numbers, nationalities, email and residential addresses, and passport expiration dates, and could have been easily downloaded by any member of the public. Cybernews reached out to Aeroflot, which did not respond to our inquiry.
Follow-up research by the team on May 10 revealed that the database had been moved to a different server, but that the leak had not been plugged – meaning the information is still exposed.
“Extremely sensitive data was leaked that can be used to impersonate a person, even obtain credits from banks,” said a Cybernews spokesman. “What is more, the data leaked could also be used for market research, business intelligence purposes, or plainly sold to call-centers or scammers. Sometimes such data might be used to threaten people with a ransom.”
The leaking database instance was found to be hosted by Russian provider simplecloud.ru. The research team concluded that the dataset might belong to aeroflot.ru because the exposed data, including extra miles and subscription levels, correlates with the carrier’s website passenger sign-up form.
NB: This article has been updated since its original publication. It was previously thought the leak had been fixed on April 25, but this was subsequently discovered not to be the case.