Researchers uncovered a massive misconfigured Elasticsearch database exposing sensitive Swedish citizens’ data, potentially originating from Risika’s systems. This incident highlights risks of data breaches caused by poor database security and mismanagement. #Elasticsearch #Risika
Keypoints
- A misconfigured Elasticsearch server exposed hundreds of millions of sensitive records of Swedish citizens.
- The database contained detailed personal and financial information such as IDs, addresses, and income data.
- The data was linked to the Danish fintech firm Risika, but the breach could involve a downstream client.
- Risika denied any direct involvement, asserting they do not own or access the leaked data.
- The incident underscores the critical importance of proper security configurations for internet-facing databases.