The French daily newspaper, Le Figaro, has exposed about 7.4 billion records, which had personally identifiable information (PII) of employees, reporters, and at least 42,000 users.
The database, which was discovered by the team of security experts from Safety Detectives, which is led by the researcher Anurag Sen, also included data from the accounts registered between February and April 2020, as well as records of accesses in the same period.
“Hosted on an Elasticsearch server owned by Poney Telecom in France, the leaked database contained more than 8TB of data, approximately 7.4 billion records. The server was live at the time of our investigation, leaking Personally Identifiable Information (PII) data from people accessing private accounts on the Le Figaro news website, and in some cases, their login credentials as well,” SafetyDetectives told Cyber Security News.
The French daily newspaper, Le Figaro, was founded in Paris in 1826, and it is the oldest newspaper in France. While apart from this, the online portal of Le Figaro is one of the most visited websites in France, since it’s the oldest daily newspaper in France.
The Safety Detective team discovered a server used by the French daily newspaper site, Le Figaro was hosted in France, and it was not protected by a password.
This server keeps an archive (“log”) of many interactions of readers with the site, a standard practice for maximum websites, simply to make better user experience.
The access to the server was not protected, leaving 8TB of data freely accessible, while the vast majority of the data was technical information. But the files also contained personal information, like names, email addresses, even passwords as well, which were stored open and unprotected, while others are protected by an MD5 hash, it’s a known protection system, but, not very robust.
The database API records contained records of the users who have registered a subscription account on the Le Figaro website from February to April 2020, along with records of pre-existing users who connected to their accounts.
Moreover, the database also contained some technical records that could give an attacker valuable information about the infrastructure of Le Figaro, while these include SQL query errors, traffic between different servers, communication protocols, and much more.
But, the Safety Detectives believe that the leak could be connected to the AGORA system used by Le Figaro as CRM and have been accidentally exposed due to the Misconfigured ElasticSearch Cluster. But, here, the most worrisome thing is that the database was completely exposed to the public, and accessible to anyone without the need of a password.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read:
San Francisco International Airport HACKED – Hackers Steal Users Windows Login Credentials
Massive Data Leak Exposes US Energy Sector To Cyber Attack – 70,000 Private Files Leaked
TrueFire Hack – Credit Cards and User Personal Information Exposed
Radio.com Hacked: Hackers Accessed Database Backup Files, Username and Password
Two new vulnerabilities have been discovered in Next.js, related to response queue poisoning and SSRF…
British Columbia's government has confirmed a sophisticated attempt to infiltrate its information systems. Premier David…
Security researchers have uncovered a new technique called "TunnelVision" that exposes a fundamental flaw in…
A sophisticated malware campaign has been identified, specifically targeting Windows and Microsoft Office users through…
Hackers take advantage of sponsored Google Ads as they provide an excellent chance to reach…
F5 Big IP has been discovered with two critical vulnerabilities that could potentially allow a…