Ax Sharma reports:
A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records was exposed on the internet.
The list was left accessible on an Elasticsearch cluster that had no password on it.
Read more on BleepingComputer. The government wouldn’t respond to inquiries by BleepingComputer as to whether this was the government’s Terrorist Screening Center list, and whether the government was responsible for the leak or a third party.
The leak was discovered and originally reported by Bob Diachenko.
h/t, Joe Cadillic