A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.
Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.
The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people.
According to the researchers, the millions of files contained data such as ID numbers, full names, birth dates, and gender. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’.
The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities; however, some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.
The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger.
Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences.
“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.
He warns Georgians to be wary of potential identity theft and fraud attempts, as cybercriminals may attempt to impersonate individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.