Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far

Alina BÎZGĂ

November 21, 2022

If you’re a Twitter user, you’ve probably heard of Mastodon, free, open-source software with similar micro-blogging features. Recently, independent security researcher Anurag Sen found that an active Elasticsearch server has been scraping the information of over 150,000 Mastodon users since at least Nov. 15.

The scraped data includes:

  • Display and account names
  • Profile pictures
  • Following and follower count
  • Last status update

It’s not clear how long the server has been scraping user information, but Sen noted it’s actively logging records without requiring password authentication.

For the moment, no email addresses, passwords or phone numbers have been found. However, Mastodon users should exercise caution when making any information on their profile public.

As noted by Hackread.com, the researcher explained that the misconfigured server is not linked to any of Mastodon’s hosting software.

Sen also said he has not yet been able to identify the owner of the misconfigured Elasticsearch cloud bucket that is allowing any tech-savvy individual to access users’ info.

Scraped data from social media networks can put users’ privacy at risk in many ways. While Mastodon users need not fear immediate social engineering attacks leveraging email addresses and phone numbers, users should watch out for suspicious followers and direct messages. It wouldn’t hurt for users to also enable two-factor authentication on their accounts for an extra layer of security.

Use Bitdefender Digital Identity Protection to find out what key pieces of your digital identity have been exposed in data breaches or leaks over the year.

The service helps you take proactive measures to control, manage and protect your digital self with real-time notifications that alert you when your data ends up in legal or illegal data collections on the internet.

You also get expert recommendations to fix any privacy issue detected so you can stay a step ahead of malicious activity and protect your financial wellbeing.
