Elasticsearch server actively scraping Mastodon user data; over 150,000 individuals exposed so far

Alina BÎZGĂ

November 21, 2022

If you’re a Twitter user, you’ve probably heard of Mastodon, free open-source software with similar micro-blogging features. Independent security researcher Anurag Sen recently found that an active Elasticsearch server has been scraping the information of over 150,000 Mastodon users since at least Nov. 15.

The scraped data includes:

  • Display and account names
  • Profile pictures
  • Following and follower count
  • Last status update

It’s not clear how long the server has been scraping user information, but Sen noted it’s actively logging records without requiring password authentication.

For the moment, no email addresses, passwords or phone numbers have been found. However, Mastodon users should exercise caution when making any information on their profile public.

As noted by Hackread.com, the researcher explained that the misconfigured server is not linked to any of Mastodon’s hosting software.

Sen also said he has not yet been able to identify the owner of the misconfigured Elasticsearch cloud bucket that is allowing any tech-savvy individual to access users’ info.

Scraped data from social media networks can put users’ privacy at risk in many ways. While Mastodon users need not fear immediate social engineering attacks leveraging email addresses and phone numbers, users should watch out for suspicious followers and direct messages. It wouldn’t hurt for users to also enable two-factor authentication on their accounts for an extra layer of security.

Use Bitdefender Digital Identity Protection to find out what key pieces of your digital identity have been exposed in data breaches or leaks over the year.

The service helps you take proactive measures to control, manage and protect your digital self with real-time notifications that alert you when your data ends up in legal or illegal data collections on the internet.

You also get expert recommendations to fix any privacy issue detected so you can stay a step ahead of malicious activity and protect your financial wellbeing.
