Shanghai Jiao Tong University leaks 8.4TB of email metadata due to misconfigured Elasticsearch database

• The server running unprotected database was discovered on May 22, 2019.
• The open database contained 9.5 billion rows of data which amounts to 8.4 TB of data.

An exposed Elasticsearch database had leaked 8.4TB of email metadata in a new data breach incident. The leaky database belonged to Shanghai Jiao Tong University.

What happened?

The server running unprotected database was discovered on May 22, 2019, by Justin Paine, Director of Trust & Safety at Cloudflare. Paine found the database through a Shodan search.

Upon investigation, it was found that the database belonged to Shanghai Jiao Tong University that caters courses to over 41,000 students.

What data was involved?

The open database contained 9.5 billion rows of data which amounts to 8.4 TB of data. As described on Rainbowtabl.es security blog, the information appeared to email metadata from a popular self-hosted email platform named Zimbra.

“The database was also growing significantly in size at the time it was secured. On May 23rd I observed the database was only 7TB in size, and May 24th the database had grown to 8.4TB,” read the blog post.

Based on the metadata, the researchers were able to find out that all emails were being sent or received by a specific person. The data included the IP address and user agent of the person checking their email.

The exposed database also includes the IP addresses and device type of individuals.

“Using this metadata I could see the high-level details of a specific email exchange such as which email address was sending or receiving an email from a different email address,” explained researchers.

What has been done?

Shanghai Jiao Tong University was notified about the issue. Following the discovery, the leak was plugged by the institution within 24 hours. It is yet to inform the affected students.