SOCRadar's AI-powered Sensitive Data Exposure Monitoring service identified a publicly accessible, misconfigured Elasticsearch instance containing approximately 544,322,698 records. The database was exposed directly to the internet without authentication controls and hosted about 88.3 GB of data, all in a URL:email/username:password structure, with no encryption or hashing observed in sampled entries.
The exposed dataset included direct login endpoints alongside usernames or email addresses and the corresponding plain-text passwords, which means testing and targeting for credential abuse could be faster and more efficient. A broader pattern emerged as hacker forums advertised large credential datasets around the same timeframe, including a listing claiming "555M URL:Log:Pass" records, though preliminary comparisons suggest the forum data did not fully match the exposed dataset.
This combination of scale, readable authentication data, and public accessibility elevates the incident to critical severity, underscoring the importance of external exposure visibility in preventing widespread account compromise. According to SOCRadar's findings, such misconfigurations can rapidly become high-impact threat vectors if not addressed promptly.
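
For defenders triaging a dataset in the URL:email/username:password layout described above, the following added example (not SOCRadar's code) parses such lines and lists which logins touch a monitored domain while discarding the passwords. The sample lines are constructed, the names `RECORD`, `parse_record` and `triage` are hypothetical, and the parser assumes that neither the URL path nor the login contains a colon.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the URL:login:password layout (not real data).
SAMPLE = [
    "https://portal.example.com:8443/login:alice@example.com:Summer2024!",
    "https://shop.example.net/account:bob:pa:ss:word",
    "example.org/wp-login.php:carol@example.com:hunter2",
    "not a record",
]

# The scheme and port both contain ':' and so can the password, so a plain
# split(':') is wrong. Assumption: URL path and login hold no ':'.
RECORD = re.compile(
    r"^(?P<url>(?:[a-z][a-z0-9+.-]*://)?[^/:\s]+(?::\d+(?=[/:]))?(?:/[^:\s]*)?)"
    r":(?P<login>[^:\s]+):(?P<password>.+)$",
    re.I,
)

def parse_record(line):
    """Return (host, login, password) or None if the line does not fit."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    url = m["url"] if "://" in m["url"] else "//" + m["url"]
    host = (urlsplit(url).hostname or "").lower()
    return host, m["login"].lower(), m["password"]

def in_scope(name, domains):
    """True if name equals a monitored domain or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)

def triage(lines, monitored_domains):
    """Map login host -> affected logins; passwords are never stored."""
    affected, skipped = {}, 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            skipped += 1
            continue
        host, login, _password = rec  # plaintext is dropped here
        email_domain = login.rpartition("@")[2] if "@" in login else ""
        if in_scope(host, monitored_domains) or in_scope(email_domain, monitored_domains):
            affected.setdefault(host, set()).add(login)
    return affected, skipped

if __name__ == "__main__":
    print(triage(SAMPLE, {"example.com"}))
```

The result lists accounts that need a forced reset per login endpoint, matched either by the endpoint's host or by the e-mail domain of the login.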