Bob Diachenko 🇺🇦

1.7K posts

@MayhemDayOne

Cyber Threat Intelligence @ https://t.co/fC73RSevWP, journalist, OSINT | Responsible disclosures | Security consultancy | Contact me: [email protected]

Germany/Ukraine 🇺🇦 Joined February 2016
534 Following, 18K Followers
Bob Diachenko 🇺🇦@MayhemDayOne·
Thing is that this (or similar) data has been sitting in an open Elasticsearch cluster at least since April 2025. The company did not care about closing it, despite my alerts. See below (don't be distracted by 'raaga-users' numbers, other collections contain sensitive data too, hence 10M).
Have I Been Pwned@haveibeenpwned·
New breach: Indian streaming music service Raaga allegedly had 10M records breached last month. Data included email, name, gender, age, postcode and unsalted MD5 password hash. 60% were already in @haveibeenpwned. Read more: haveibeenpwned.com/Breach/Raaga
Bob Diachenko 🇺🇦@MayhemDayOne·
Is anyone still here? Please reply to this thread to let me know if it is still worth publishing reports/news on this platform as I have almost migrated to LinkedIn.
Bob Diachenko 🇺🇦@MayhemDayOne·
This is NOT a single source. It's not about the number (scary!), but the scale and rise of infostealer infections today. What this number reflects is the size of different infostealer logs exposed publicly since the beginning of this year alone. cybernews.com/security/billi…
Bob Diachenko 🇺🇦@MayhemDayOne·
RU-hosted Trojan-as-a-Service infrastructure config (accidentally exposed).
Bob Diachenko 🇺🇦@MayhemDayOne·
As per my knowledge, no US or EU citizen was on this list.
Bob Diachenko 🇺🇦@MayhemDayOne·
Apparently, it was very limited and was part of The Kingdom of Bahrain's Joint Counter Terrorism Centre (JCTC) responsible for gathering and analysing information regarding terrorist organisations and affiliated individuals.
Bob Diachenko 🇺🇦@MayhemDayOne·
It was more than 3 years ago, but this post keeps popping up and my DMs are full of requests from people who think they are on this list. Let me assure you, you are not. There's been a development since then regarding the owner of this list.
Bob Diachenko 🇺🇦@MayhemDayOne

Apparently, this is the TSC (Terrorist Screening Centre) dataset publicly exposed (tsc_id is the only clue), with 1.9M+ records. In any case, any thoughts as to where to responsibly report?

AWS Support@AWSSupport·
@MayhemDayOne I sincerely apologize for the frustration this has caused, Bob. We do have a team that handles these reports, this documentation explains how to forward the information to them: go.aws/report. ^BD
Bob Diachenko 🇺🇦@MayhemDayOne·
"For the purpose of preventing the collection of information about critical vulnerabilities of resources, the indexing of personal data, and the use of the collected information in foreign machine learning and analysis models".
Bob Diachenko 🇺🇦@MayhemDayOne·
Interesting. Here is the list of recommended website configurations sent by the Russian "Center for Monitoring and Managing the Public Telecommunications Network" to the critical infrastructure enterprises. In total, 653 search bots and crawlers are to be blocked.
Bob Diachenko 🇺🇦@MayhemDayOne·
@xeraa a lot of developers sincerely think that changing a default port makes the instance secure
Philipp Krenn@xeraa·
@MayhemDayOne I just wish everyone kept the security by default enabled (or at least not change the port binding to a public interface) 🫠
Bob Diachenko 🇺🇦@MayhemDayOne·
Raysharp also provided a really weird comment when asked about the exposure which I would like to bring up here: “Elasticsearch is an open-source log service system, with port 9500 only used for log queries during product development. Under normal circumstances, it is not necessary to use it. Only when there is an abnormality in the product, it is necessary to query the product log through port 9500 to assist in locating the problem. At present, the service on port 9500 is temporarily suspended. After resolving the issue of this vulnerability, it can be opened again”.
Bob Diachenko 🇺🇦@MayhemDayOne·
Recently I reported a very interesting leak related to Raysharp (a Chinese manufacturer of video cameras, recorders, and other surveillance products). While it may not be a household name in every corner of the world, it has established itself as a reputable provider of security surveillance solutions in certain regions or markets. Such as Russia, for example. Thread below:
Bob Diachenko 🇺🇦@MayhemDayOne·
Raysharp has its production server with filebeat logs exposed, where more than 3 billion (!) records are stored. Of course, it was not as sensitive as passwords or even emails, but still, these data points could tell someone a good story:
Bob Diachenko 🇺🇦@MayhemDayOne·
We are working with @cybersecdawg and @4353_37 on a project that should help companies quickly respond to the fast-growing issue of API key leaks. Unfortunately, @Shopify, @stripe, @PayPal and other industry players underestimate this problem and prefer not to mention numerous exposures (and not all of them re-surface on greyweb forums, most are privately sold).