The data was leaked due to a misconfiguration on an ElasticSearch server.
Researchers at cybersecurity firm WizCase discovered a misconfigured cloud server that exposed customer data of a US-based tech firm that manages the well-known Family Tree Maker software, also called FTM.
The research team, led by Avishai Efrat, claims that the database contained around 25GB of data belonging to “The Software MacKiev Company,” which syncs user data with Ancestry.com, a popular platform for family history research. It is worth noting that Ancestry.com previously suffered a data breach in which the login credentials of 300,000 accounts were leaked in plain text.
As for the latest incident, according to the researchers, approximately 60,000 MacKiev users are reportedly affected by the exposure after a misconfigured ElasticSearch server was left open to public access.
The leaked data included sensitive user details like:
- IP address
- Email address
- Refunds (if applicable)
- User support messages
- Internal system user IDs
- Subscription type and status
- Technical data, such as error logs
- User location data, including geolocation coordinates and cities
Family Tree Maker, a genealogy program, was released in 1989 and has had several corporate owners, including The Learning Company, Broderbund, and Mattel, before Ancestry.com. Software MacKiev bought the Windows version of FTM from Ancestry in 2016 and developed its macOS version.
“Our team of white-hat hackers found an exposed MacKiev server that leaked 25GB of Ancestry user data and MacKiev Software user subscription,” WizCase’s Chase Williams said in a blog post. As the company is based in the US, most of its users could be identified as US residents, Chase added.
A preview of the data leaked during misconfiguration:
WizCase informed the US software maker regarding the exposed database, and although the company didn’t respond, the database was taken offline immediately.
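The root cause reported above is a node that listens on a public interface with no authentication in front of it. As an added example that is not part of the original article or of any MacKiev or WizCase material, the Python below audits an `elasticsearch.yml` for exactly that combination, using two constructed configurations (the cluster name is hypothetical): one that reproduces the exposed state and one with the settings that close it. The settings `network.host`, `http.host`, `xpack.security.enabled` and `xpack.security.http.ssl.enabled` are real Elasticsearch options; the parser handles only the flat dotted `key: value` form in which they are normally written.

```python
"""Audit an elasticsearch.yml for the 'open to the internet' misconfiguration."""
from __future__ import annotations

# Constructed sample: the kind of config that leaves a cluster publicly readable.
EXPOSED_CONFIG = """\
cluster.name: ftm-sync          # hypothetical name, not from the report
node.name: node-1
network.host: 0.0.0.0           # bind every interface, including the public one
http.port: 9200
discovery.type: single-node
xpack.security.enabled: false   # no authentication on the REST API
"""

# Constructed sample: the same node with the settings that close the hole.
HARDENED_CONFIG = """\
cluster.name: ftm-sync
node.name: node-1
network.host: 127.0.0.1         # loopback only; reach it via VPN, bastion or reverse proxy
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true    # every request must carry credentials
xpack.security.http.ssl.enabled: true
"""

# Bind values that keep the REST API off the network entirely.
LOOPBACK = {"_local_", "127.0.0.1", "::1", "localhost"}


def parse_settings(text: str) -> dict[str, str]:
    """Parse the flat `key: value` lines of elasticsearch.yml.

    Only the dotted single-line form is handled, which is how these
    settings are usually written; nested YAML blocks are out of scope.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)     # first colon only, so "::1" survives
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def _rest_bind_address(settings: dict[str, str]) -> str:
    """http.host overrides network.host for the REST interface when set."""
    return settings.get("http.host", settings.get("network.host", "_local_"))


def audit(text: str) -> list[str]:
    """Return a list of findings; an empty list means no exposure indicators."""
    s = parse_settings(text)
    findings: list[str] = []
    bind = _rest_bind_address(s)
    if bind not in LOOPBACK:
        findings.append(f"REST API bound to non-loopback address '{bind}'")
    auth = s.get("xpack.security.enabled", "").lower()
    if auth == "false":
        findings.append("xpack.security.enabled is false: unauthenticated read/write access")
    elif auth != "true":
        # Before 8.0 the basic licence defaulted this to false; flag it for review.
        findings.append("xpack.security.enabled not set: confirm authentication is on for this version")
    ssl = s.get("xpack.security.http.ssl.enabled", "false").lower()
    if bind not in LOOPBACK and ssl != "true":
        findings.append("HTTP TLS disabled: credentials and data travel in clear text")
    return findings


def is_publicly_readable(text: str) -> bool:
    """True when the node listens beyond loopback and authentication is not explicitly enabled."""
    s = parse_settings(text)
    return _rest_bind_address(s) not in LOOPBACK and s.get("xpack.security.enabled", "").lower() != "true"


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: publicly readable = {is_publicly_readable(cfg)}")
        for finding in audit(cfg):
            print("  -", finding)
```

Run it against your own node's file before port 9200 is reachable from anywhere; the finding for a missing `xpack.security.enabled` is deliberately conservative, since the right answer depends on the version and licence, and a loopback bind with a reverse proxy or VPN in front is the simplest way to keep a sync backend like the one described here off the public internet.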
According to WizCase, given the leaked data’s nature, hackers would have had a field day exploiting it if the company hadn’t resolved the issue. The data could have been used to access users’ personal information and may have allowed hackers to launch phishing attacks, scams, identity theft, business espionage, etc.
Moreover, the leaked data also included user complaints, which could have been useful for the US tech firm’s competitors as they would have easily targeted unhappy clients.
Part of the exposed data also consisted of technical details of MacKiev’s backend systems, which attackers could have used to mount attacks on the company itself and its affiliated companies, potentially compromising additional user data. Attackers could also have infected the systems with malware or gained full control over different parts of MacKiev’s infrastructure.
Remember, cybercriminals hunt for vulnerable systems and exposed databases and demand a ransom after taking them over. Earlier this month, 47% (about 22,900) of MongoDB databases were hacked and used by attackers to demand ransom from their owners.