Massive Elasticsearch Exposure Leaks 8.7 Billion Records
Researchers report a massive data leak exposing 8.73 billion records primarily belonging to Chinese citizens and businesses. The leak was discovered on January 1, 2026 on an unsecured Elasticsearch cluster accessible from the internet.
The misconfigured server exposed over 160 indices for at least three weeks. Metadata suggests that data was being added to the cluster on an ongoing basis and that the data is structured and aggregated.
The compromised data includes:
- Full names and national ID numbers
- Mobile phone numbers and home addresses
- Dates and places of birth
- Gender and demographic attributes
- Messaging and social media identifiers
- Email addresses and usernames
- Plaintext and weakly protected passwords
- Company registration details and legal representative names
- Business contact information and licensing metadata
The number of affected individuals is estimated to be in the hundreds of millions; the exact count is not disclosed. The company that owns the database is unknown.
The provider subsequently locked down the database. No organization has claimed ownership of the data. There is currently no evidence of specific exploitation, though the scale of the leak suggests that automated scraping by threat actors was highly likely during the exposure period.