UK newspaper “The Telegraph”, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its Elasticsearch databases.
The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. It also included registrant information of Apple News subscribers, also including passwords in plaintext form.
The unsecured database was discovered by popular researcher Bob Diachenko on September 14, 2021. The newspaper was contacted and warned about the exposure immediately, but it took them two days to respond and secure the database. The database instance was indexed on specialized search engines on September 1, 2021, so the period of exposure was at least three weeks.
Experts recommend impacted visitors to reset their password, remain vigilant, and look out for unsolicited messages that could ask them to click on links or open attachments.
Read more about it here.