A digital risk management company called DarkBeam exposed records containing user emails and passwords from both previously disclosed and unreported data breaches by leaving an Elasticsearch and Kibana interface open.
It appears that DarkBeam has been gathering data to notify its clients in the event of a data breach.
The issue will probably have an impact on more people than just DarkBeam users.
Although the majority of the information that has been released originates from well-known sources, the thorough organization of this information poses a serious threat to those whose credentials have been revealed.
Threat actors may utilize the personal information of impacted individuals to construct well-designed phishing operations.
Source: https://securityaffairs.com/151566/security/darkbeam-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/darkbeam
"id": "dar02321023",
"linkid": "darkbeam",
"type": "Data Leak",
"date": "09/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Digital Risk Management',
'name': 'DarkBeam',
'type': 'Company'}],
'attack_vector': 'Open Elasticsearch and Kibana Interface',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['User emails', 'Passwords']},
'description': 'DarkBeam exposed records containing user emails and passwords '
'from both previously disclosed and unreported data breaches '
'by leaving an Elasticsearch and Kibana interface open.',
'impact': {'data_compromised': ['User emails', 'Passwords'],
'systems_affected': ['Elasticsearch', 'Kibana']},
'title': 'DarkBeam Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Misconfigured Elasticsearch and Kibana'}