A leaky database belonging to 32 million customers of SKY Brasil is available to anyone without any password protection.
A Brazilian security researcher Fabio Castro discovered multiple servers in Brazil running Elasticsearch that doesn’t need any authentication to retrive information, was available for hackers to steal informations.
According to the security researcher, the informations contained on the database included customers’ full names, email addresses, service login passwords, client IP addresses, payment methods, phone numbers, and street addresses.
The size of one of the databases discovered was over 429GB, and it contained very sensitive informations of SKY customers.
“The data the server stored was Full name, e-mail, password, pay-TV package data (Sky Brazil), client ip addresses, personal addresses, payment methods,” Castro told BleepingComputer. “Among other information the model of the device, serial numbers of the device that is in the customer’s home, and also the log files of the whole platform.”
Sky Brasil did not reply to a request for a comment.