Exploit: Unsecured Database
Edureka: Education Technology Provider
Risk to Small Business: 1.866 = Severe
Cybersecurity researchers discovered an unsecured Elasticsearch server belonging to Indian education technology service Edureka that was overflowing with information for bad actors to savor – 25 gigabytes of fresh data, containing more than 45 million breached records of personal data from users. Many of the records were duplicates or fragments, obfuscating the real impact. After informing the company and not receiving a response, the researchers informed the Indian Computer Emergency Response Team (CERT-In) and the server was secured.
Individual Risk: 2.661 = Moderate
The exposed server contained names, addresses, and phone numbers for users primarily located in India, although some US users were also impacted.
Customers Impacted: 2 million estimated
How it Could Affect Your Customers’ Business: Failing to secure a server is a rookie move and an indication that a company may not be using cybersecurity best practices elsewhere in the organization.