German cloud service provider exposes entire Georgian country population - millions of personal data files leaked

News
By
published

Non-password-protected database discovered online

Data leak
(Image credit: Shutterstock)
  • Security researchers found an Elasticsearch index with millions of entries
  • The database contained personal information on millions of Georgians
  • It was traced back to an unnamed German cloud provider

A German cloud service provider has unintentionally exposed sensitive data on probably the entire population of Georgia, security researchers are saying.

Cybersecurity expert Bob Dyachenko, of SecurityDiscovery.com said they recently discovered an non-password-protected Elasticsearch index containing a “wide range of sensitive personal details” belonging to Georgians. The index hosted two indices, one with almost five million personal data records, and another with more than seven million.

Given that the entire population of Georgia counts less than four million people, it’s safe to assume that even with numerous duplicate entries, all of its citizens could be at risk of identity theft, phishing, and more.

Shutting down the leak

The archives contained people’s ID numbers, full names, birth dates, genders, phone numbers, and other sensitive information.

“The data appears to have been collected or aggregated from multiple sources, potentially including governmental or commercial data sets and number identification services,” Dyachenko said.

The researchers traced the instance back to a server owned by a German cloud service provider. The researchers did not name the company, and said that the server was taken offline “shortly after discovery”. It was left unclear if the company was notified of the leak. Therefore, we also don’t know if any threat actors found the archives in the meantime, and if the data had been exfiltrated elsewhere.

“Without clarity on data ownership, recourse for affected individuals is limited, and it remains challenging to enforce data protection laws or seek accountability,” the researcher said. “This leak highlights the complexities of cross-border data protection and regulation.”

Via Cybernews

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
Top healthcare company exposes data on millions of patients - find out if you're affected
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
A graphic showing fleet tracking locations over a city.
Disability monitoring tool leaked personal information online
Businessman holding a magnifier and searching for a hacker within a business team.
Top Mexican fintech firm leaks details on 1.6 million customers
Data leak
This top security camera streaming app may have been putting thousands of users at risk
Latest in Security
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
Microsoft
Microsoft names cybercriminals who created explicit deepfakes
Latest in News
An operator fires a saw blade from a weapon
Call of Duty: Black Ops 6 Season 3 gets two-week delay, will now release in April
Apple iPad A16
Apple's new entry-level iPad ups the performance for the same price, but doesn't support Apple Intelligence
iPad Air M3
Apple updates iPad Air with powerful M3 chip and pairs it with Pro-level Magic Keyboard
Samsung Galaxy Z Flip 6 in blue
The Samsung Galaxy Z Flip 7 might improve on its predecessor in one crucial way
Nvidia RTX 5070 Founders Edition GPU shown against a green and black backdrop
Nvidia RTX 5070 early pricing hints at plenty of GPUs at the MSRP – but I’ll believe it when I see it
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
More about security
Illustration of a hooked email hovering over a mobile phone

AWS misconfigurations reportedly used to launch phishing attacks
A pair of hands using a keyboard

Microsoft SharePoint hijacked to spread Havoc malware
Samsung TV deals

Samsung's spring sale is slashing prices on its best-selling TVs: save up to $1,200
See more latest