The massive dataset was spread across 25 different indexes.
More than 100 million records belonging to Swedish individuals and organisations have been inadvertently leaked by an unsecured Elasticsearch server.
According to Cybernews researchers, full legal names, personal identity numbers, birthdates, gender, and address histories, as well as deceased people's information, emigrants' foreign addresses, income tax details, debt records, property ownership details, bankruptcy histories, migration status, and other activity and event logs were included in the massive dataset. These were spread across 25 different indexes.
While further analysis of the exposed database revealed links to major Nordic business intelligence data analytics firm Risika, such Elasticsearch server — which has since been taken offline — was noted to have been managed by a still unknown third party.
Threat actors could harness the exposed data to facilitate social engineering, phishing, and extortion schemes, as well as conduct corporate espionage activities, said researchers.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
