A database containing 8.4 TB of email metadata was left exposed to the internet. The database belonged to a major Chinese research university. The good news is that it is now secured.
While searching Shodan, security researcher Justin Paine, director of trust and safety at Cloudflare, came across an Elasticsearch database that required no authentication. The database contained metadata for a huge number of emails.
Shanghai Jiao Tong University’s Email Metadata Exposed
It was eventually confirmed that this server and the email metadata was controlled by a large university located in China, the researcher shared in a blog post. Fortunately, the university’s security team responded promptly and took action to secure the data. However, the researcher believes that the university hasn’t notified the impacted students.
The database belongs to Shanghai Jiao Tong University, which has been known as ‘The MIT of the East’ since the 1930s. The university has approximately 41,000 students across its undergraduate, master's, and Ph.D. programs.
As for the data that was left exposed, the researcher says the following:
9.5 billion rows of data which translates to 8.4TB of data. This was email metadata that appears to have been from a popular self-hosted email platform named Zimbra. The database was also growing significantly in size at the time it was secured. On May 23rd I observed the database was only 7TB in size, and May 24th the database had grown to 8.4TB.
What was in the database? A large amount of the university’s email metadata, consisting of the senders, destinations and times of the emails. An attacker could abuse the data to locate emails sent or received by a specific individual. The exposed data also included the IP address and user agent of the person checking the email.
Using this metadata I could see the high-level details of a specific email exchange such as which email address was sending or receiving an email from a different email address.
This enabled the researcher to locate all the IP addresses used by, and the device type of, every individual.