Researchers at CYBERNEWS, during a routine scan of the internet, discovered a misconfigured Elasticsearch server containing a vast database of hundreds of millions of records detailing Swedish citizens and businesses.
Over the past decade, data breaches stemming from misconfigured Elasticsearch databases have become alarmingly common. In numerous cases, developers or organizations have failed to implement proper security authentication when deploying their databases, resulting in vast troves of sensitive information being left exposed to the public internet.
The newly uncovered database includes highly detailed personal information about Swedish citizens, such as national identification numbers, birthdates, gender, historical addresses (both domestic and international), citizenship status, records of deceased individuals, immigration data, debt histories, payment annotations, bankruptcy records, property ownership indicators, income tax details, behavioral data, event logs, and various financial insights.

Upon analysis, researchers attributed the data to Danish digital fintech company Risika, which specializes in providing real-time credit assessments, risk monitoring, and financial intelligence services to businesses for evaluating personal creditworthiness and lending decisions.
This attribution was based on the presence of “dwh*” (data warehouse) labels within the database and index names that closely aligned with known Risika products, strong indicators that the data likely originated from Risika’s systems.
However, the researchers noted that Risika holds commercial licenses that allow it to legally distribute data to third parties. This raises the possibility that the breach may have stemmed not from Risika itself, but from a downstream client who had purchased and improperly configured the data infrastructure.
Following notification by the researchers, the database was secured and taken offline the next day. Nonetheless, Risika firmly denied any direct involvement, stating: “Our preliminary investigation indicates that the data referenced in the reported leak contains information that we do not own, store, or have access to through our business operations. This suggests that our systems are not the source of this particular data breach.”