We review vendors based on rigorous testing and research, and also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company. Learn more

Wizcase was established in 2018 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, Intego and Private Internet Access which may be ranked and reviewed on this website. The reviews published on Wizcase are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Data Breaches Tracker

Recording the Evolution of Open Unsecured Databases

Total number of Servers Scanned
Total number of Servers accessible without authorization
Total number of Records exposed in servers accessible without authorization
Total number of Servers accessible without authorization hit by Meow
* The numbers above show the results of our most recent scan on July 18th, 2022

In order to highlight cyberthreats in critical global industries, the WizCase team has been carrying out ongoing cybersecurity research. With some of our recent research, we looked into data leaks in the medical industry and data leaks in online education, both critically important and severely overlooked. Having looked at several specific industries, we thought it would be good to analyze general server breaches that can affect any company that runs databases. Over the past 10 years, there have been over 300 data breaches of servers containing over 100,000 records — enormous quantities of data that can wreak havoc on companies and their users alike.

Variables Tracked

The tool tracks and displays multiple variables to expose the severity and magnitude of global breaches:

  • Period of time analyzed:

    Manually enter a period of time to be shown server analytics for.

  • Total number of servers scanned:

    The overall number of servers scanned in the given time period.

  • Total number of running Elasticsearch instances:

    How many of the scanned servers were running an Elasticsearch database.

  • Total number of servers accessible without authorization:

    How many of the Elasticsearch databases were left accessible without secure authentication.

  • A breakdown of secure vs. insecure servers:

    What percent of databases were accessible without secure authentication, required a password, or blocked access completely.

  • Server size percentages:

    Which percent of scanned Elasticsearch databases were below 1GB, between 1-100GB, or over 100GB.

  • Total number of records exposed in servers accessible without authorization:

    The number of publicly accessible files from all unprotected Elasticsearch databases in a given time period.

  • Total number of servers accessible without authorization hit by bad actors:

    How many insecure servers were targeted with attacks such as Meow, resulting in data theft or deletion.

The Most Common Threats After a Data Breach (for Those Exposed)

Depending on the type of data stolen during a breach, there are multiple ways in which it can be used against those who had their data exposed:

  • Theft

    Stolen data could be used for direct financial gain if information like credit card details are stolen, or could be used for identity theft if sensitive personal details are obtained.

  • Blackmail

    Attackers could use the acquired information to blackmail exposed parties, especially with sensitive healthcare information or financial details.

  • Account takeover

    Stolen information can be used to access accounts on different services if identical login credentials are used, or to access the account linked to the breached provider.

  • Phishing/Scam

    If enough personal information is collected, it can be used to tailor highly effective phishing attacks or scams. This can trick people into revealing even more sensitive data like credit card or banking information.

Costs of Data Breaches for Companies

Data breaches don’t only affect those whose data was stolen, but also those who were initially entrusted to keep the data safe. Companies affected by a data breach are likely to suffer from:

  • Reputational damage

    When a significant breach occurs, the potential impact on customer trust can be substantial. Customers depend on companies to safeguard their data, and if these companies fail to do so, there is a strong likelihood that customers will seek alternatives for their business. In fact, the average cost of lost business following a data breach is around $1.4 million.

  • Theft

    From intellectual property to financial details, stolen data could lead to considerable losses in various forms.

  • Fines

    Failing to comply with data protection regulations comes at a more direct cost in the form of fines. For instance, the 2017 Equifax data breach resulted in the US Federal Trade Commission fining the company up to $700 million.

Top 5 Biggest Data Breaches in History

The current biggest data breaches in history affected some of the largest and most trusted companies in existence. It’s no surprise that two-thirds of people online had their records stolen or compromised by 2018.

It’s worth noting that all the top companies affected are American, where the average cost of a data breach is significantly higher than globally at $8.2 million.

  1. Yahoo — Yahoo had an astounding 3 billion records stolen (all accounts that existed on the service at the time) when they were hacked in 2013. This included names, email addresses, and passwords. They were hacked again in 2014 when someone stole 500 million records.
  2. First American Corporation — The insurance and settlement services provider exposed 885 million records due to poor security, including Social Security numbers, driving licenses, and more.
  3. Facebook — Poor security led to 540 million records being leaked in 2019, including account names, details of comments, post reactions, friends, photos, check-ins, and even passwords of 22,000 users.
  4. Marriott International — The hotel chain lost 500 million records when a Chinese group hacked it in 2018. This included names, passport details, emails, phone numbers, addresses, and more.
  5. Friend Finder Networks — An attack resulted in the theft of over 410 million records in 2016. Although it didn’t reveal any detailed personal information, it would still confirm who had been a site member.

Tips: How to Protect Yourself from Data Breaches

There are a few things you can do to ensure that the impact of a data breach on you personally remains as small as possible:

Have unique credentials for every account

If you reuse the same password on several accounts, a data breach on one can result in the breaching of multiple accounts at once. Use a reliable password manager, so you have a strong and unique password for every service.

Use two-factor authentication (2FA)

If your credentials are stolen in a breach but you have 2FA active, it’s almost impossible for the attacker to access your account without the extra code.

Set up an identity monitoring tool

This alerts you when your personal information appears on a stolen data website, or in loan applications, social media posts, orders for utilities, and more. This way you can react as soon as you’re aware that some of your data has been stolen.

FAQ: The Data Breaches Tracker and Elasticsearch

How much of the web does the Data Breaches Tracker scan?

Initially 100%, but we narrow it down to 0.06%. Once a week we scan the whole internet to search for IP addresses that are likely running Elasticsearch — roughly 250,000 in total. This way we narrow down the whole web to the relevant 0.06%, which we scan on a regular basis to keep as updated as possible.

What can the Data Breaches Tracker be used for?

The Data Breaches Tracker is a fantastic way to assess global server vulnerabilities and analyze how worldwide database security can be improved. Given the huge number of susceptible databases, we hope it can function as a wake-up call to enterprises and anyone who keeps sensitive data on an insecure server. Considering that the average cost of a data breach globally is just under $4 million, it’s vital for companies to secure vulnerable databases as quickly as possible.

What is Elasticsearch?

Elasticsearch is a database engine used to sort and search through different types of data. It has many uses, including application search, to log analytics, performance monitoring, and security analytics. Users especially love it for its speed and ability to search through vast quantities of data in milliseconds. It’s ranked as one of the most popular database engines in the world.

What is the Meow attack?

The Meow cyberattack is a particularly destructive kind of attack that, unlike many other attacks, doesn’t seek any kind of profit. It simply searches for unsecured databases and wipes all their contents, leaving behind its telltale “Meow” written all across the affected database. It doesn’t only affect Elasticsearch databases, but also MongoDB, Cassandra, Hadoop, and more.

What types of cyberattacks target servers?

Apart from Meow, mentioned above, there are numerous types of attacks that target servers, including:

  • DoS (Denial of Service) Attacks — An attacker floods a server with more traffic than it can handle, taking it temporarily offline in the process.
  • Brute Force Attacks — By rapidly guessing a huge number of passwords these attacks attempt to gain access to an account with elevated server privileges.
  • Directory Traversal — This vulnerability allows an attacker to move beyond the web directory, where they can potentially execute commands or locate sensitive data.
  • Website Defacement — An attacker can inject malicious or irrelevant data into a database, so when legitimate users call up this data they’ll see the “defaced” result of the attack.

What other kinds of databases are left open on the internet?

Almost any database can be left unsecured and open to attack on the internet. However, some that are frequently left open to attack include MongoDB, Cassandra, Hadoop, and Jenkins.

How can insecure databases be fixed?

Elasticsearch contains a number of built-in mechanisms for user authentication, so only validated users can log in and view data on the server. However, this alone isn’t enough, since users should be given relevant privileges so they can only see data that they’re qualified to see. In Elasticsearch this is known as “role-based access control mechanism” (RBAC) — in essence, every user is given a role and related privileges for heightened data security.

Of course, security goes much deeper than this, but with more advanced authentication setups, many servers would already be a lot safer.

How does the Data Breaches Tracker work?

Our Data Breaches Tracker scans the web every week, specifically seeking out unsecured Elasticsearch databases that have potential to be breached (or already have been). It then stores this data and makes it available in the form of a detailed graph with multiple variables so you can analyze the precise time period and data you want.