Cyber Security company contractor leaks 5 billion records database

Cybersecurity firm Keepnet Labs recently confirmed that a contractor exposed a database storing at least 5 billion records of email addresses and hashed passwords, information that was collected from previous data breach incidents.

The company specializes in collecting data exposed in security incidents using publicly accessible sources for the purpose of notifying its customers if their email addresses or business web domains have been involved in a data breach. The company states that this is a completely legal service, and that it has grown considerably.

Apparently it all happened during a routine procedure. Last March, a third-party company working for Keepnet Labs performed maintenance on the database in question, which involved migrating the information; those responsible for this process disabled the firewall for about ten minutes to speed up the migration.

During this time, the database was indexed by BinaryEdge, an Internet indexing service. A short time later, the database was detected by researcher Bob Diachenko, who specializes in finding such leaks. Diachenko points out that he was able to access the information without using login credentials through an unprotected port.

After rigorous analysis, Diachenko determined that the database contained information collected from other security incidents, such as those at Adobe, LinkedIn, and Twitter. These records contained details such as:

  • Year in which the leak was revealed
  • Source of the leak
  • Email address compromised
  • Encrypted passwords

It is important to note that the database only contains records obtained from public sources as a result of security incidents that occurred between 2012 and 2019. This incident did not expose confidential details of Keepnet Labs customers. The company received notification from the researcher immediately after the find. Diachenko claims the database was exposed for almost 24 hours.

When the incident began to attract the attention of the cybersecurity community, many assumed that Keepnet Labs’ security had been breached by a group of threat actors, although over the following days, specialized news platforms and some cybersecurity bloggers had to issue explicit corrections and stop naming the company.

“There are articles online that contain potentially misleading inaccuracies; many of these publications have now been modified, but we would like to make things clear,” said a Keepnet Labs representative. The company reportedly even threatened to take legal action against Graham Cluley, a renowned cybersecurity specialist, for disseminating vague details about this incident, although this information has not been confirmed by either party involved.