Unsecured Database Leaves 8.4TB of Email Metadata Exposed – GovInfoSecurity.com

Shanghai Jiao Tong University Has Since Locked Down Elasticsearch Server

Shanghai Jiao Tong University in China (Image: Wikicommons)

An unprotected database belonging to a major Chinese research university left 8.4TB of email metadata exposed to the internet before school officials locked it down in late May, the security researcher who found the database detailed in a blog post published Sunday.

Justin Paine, the director of trust and safety with Cloudflare, first discovered the exposed database, which belongs to Shanghai Jiao Tong University in China, on May 22 of this year. Within two days of Paine notifying the school’s administration, the university’s IT team had secured the Elasticsearch server, Paine writes.

It’s not clear how long this particular server was left exposed to the internet, but Paine notes in a blog post for Rainbowtabl.es that it does not appear to have affected students at the university.

The database did contain a significant amount of the school’s email metadata, which included information on the sender, destination and time of the emails. Paine notes this data could allow an attacker or cybercriminal to locate all email being sent or received by a specific person.

“This data also included the IP address and user agent of the person checking their email,” Paine writes in his blog post. “As such, I could locate all the IPs used and device type of a specific person.”

Email metadata related to a specific person (Image: Justin Paine)

Paine added that the university’s database did not contain the subject line information or the body of these emails.

A university spokesperson could not be reached for comment.

Significant Data Exposed

Shanghai Jiao Tong University is a major research institute located in Shanghai, and the university’s history dates to its founding in 1896. Currently, the school has more than 16,000 undergraduate students, nearly 22,000 graduate students and over 3,000 faculty members, according to its English-language website.

The university also has a lot of data.

As part of a security research project, Paine found the unsecured database using the Shodan search engine on May 22, 2019. Specifically, he located 9.5 billion rows of data, which translates to approximately 8.4TB.

The metadata itself appears to have been stored through Zimbra, an open source email server and web client platform, which boasts of some 500 million users worldwide.

The amount of data within the Elasticsearch server was also growing at a rapid rate after Paine discovered it. When Paine first observed the unprotected database on May 22, it held 7TB of metadata. By the next day, it had grown to 8.4TB. By May 24, however, the database was secured.

Security Trouble

These types of data exposures, with security researchers and others finding unprotected, cloud-based databases, are becoming increasingly common, especially as organizations move data from on-premises datacenters to various cloud services.

In the past week, Tech Data Corp., one of the largest distributors of hardware, software and software management services, was forced to disable a logging server used for its StreamOne cloud services marketplace after a data exposure. In that case, independent researchers Noam Rotem and Ran Locar found the server was open online and did not require authentication (see: Tech Data Says It Has Closed Off StreamOne Data Exposure).

Before that incident, the same two researchers found that an unsecured database belonging to Canadian mobile operator Freedom Mobile exposed personal details and unencrypted credit card data (see: Canadian Mobile Provider Exposed Payment Card Numbers).

The difference between what happened with the unsecured database at Shanghai Jiao Tong University and some of these other incidents is that the email metadata is not as important to cybercriminals as credit card and other payment information, says Chris Morales, head of security analytics at Vectra, a San Jose, California-based threat detection and response firm.

Still, the lack of authentication is a real problem for any organization looking to move data to the cloud.

“The Elasticsearch cloud instance didn’t have authentication and was located using Shodan, an open source network discovery tool,” Morales says. “This is not a security vulnerability. It is a misconfiguration of cloud-based administrative access. This is a real ongoing problem. Uber was compromised in not dissimilar ways, as well as many others. The good news is I can’t think of anything extremely damaging from having email metadata from a university. I don’t think this information was overly private.”