Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far
If you’re a Twitter user, you’ve probably heard of Mastodon, free open-source software with similar micro-blogging features. Independent security researcher Anurag Sen recently found that an active Elasticsearch server has been scraping the information of over 150,000 Mastodon users since at least Nov. 15.
The scraped data includes:
- Display and account names
- Profile pictures
- Following and follower count
- Last status update
It’s not clear how long the server has been scraping user information, but Sen noted it’s actively logging records without requiring password authentication.
For the moment, no email addresses, passwords or phone numbers have been found. However, Mastodon users should exercise caution when making any information on their profile public.
As noted by Hackread.com, the researcher explained that the misconfigured server is not linked to any of Mastodon’s hosting software.
Sen also said he has not yet been able to identify the owner of the misconfigured Elasticsearch cloud bucket that is allowing any tech-savvy individual to access users’ info.
Scraped data from social media networks can put users’ privacy at risk in many ways. While Mastodon users need not fear immediate social engineering attacks leveraging email addresses and phone numbers, users should watch out for suspicious followers and direct messages. It wouldn’t hurt for users to also enable two-factor authentication on their accounts for an extra layer of security.
Use Bitdefender Digital Identity Protection to find out what key pieces of your digital identity have been exposed in data breaches or leaks over the year.
The service helps you take proactive measures to control, manage and protect your digital self with real-time notifications that alert you when your data ends up in legal or illegal data collections on the internet.
You also get expert recommendations to fix any privacy issue detected so you can stay a step ahead of malicious activity and protect your financial wellbeing.