A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
Read more…
Source: Bleeping Computer