Data breach affects over 1.5 million Freedom Mobile users

Freedom Mobile, a Canada-based mobile network company, recently suffered a data breach that exposed around 1.5 million of its customers’ personal information. According to the security researchers Noam Rotem and Ran Locar from the security firm vpnMentor, a technical glitch in an Elasticsearch server exposed five million logs that contained Freedom Mobile customers’ data. The researchers stated the server was left online without password protection, allowing anyone to access the data.

Freedom Mobile stated the unprotected server revealed its users’ sensitive information, including customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, Freedom Mobile account numbers, and credit card information.

The researchers said that it took around one week for them to report the issue to the owner of the server. “After discovering the data breach, we quickly alerted Freedom Mobile to the issue. When they didn’t immediately respond, we asked contacts at another security site to help us reach them in case our emails went to spam. As they eventually replied, we know that this isn’t the case,” the researchers said in a statement. “For ethical reasons, we didn’t download the database, so we don’t know exactly how many people were affected.”

Multiple data leaks have been reported due to unprotected Elasticsearch servers. Recently, an unprotected Elasticsearch server exposed more than 24 million financial and banking documents online. According to the security researcher Bob Diachenko, the exposed server contained highly sensitive data of thousands of individuals who took out mortgages over the past decade with U.S. banks and other financial institutions.

Bob Diachenko stated that he identified the unprotected server on January 10, 2019, and that it contained 24,349,524 credit and mortgage reports totaling 51 GB. The server was taken offline and the data was secured on January 15, 2019, after Diachenko reported the incident to the server’s vendor.

The insecure server allowed open access to the documents that contained loan and mortgage agreements, repayment schedules, financial and tax documents, names, addresses, birth dates, social security numbers, and other sensitive information.