WizCase researchers recently revealed that a U.K. analytics firm, Polecat, left 30TB of data and billions of records exposed on an elasticsearch server that was not secured. WizCase reports:
Polecat, which successfully predicted the outcome of the 2016 US Presidential Election, had potentially conducted a similar set of research less than a week before the 2020 US Election. The leak was discovered on October 29, 2020. By the next day, the server showed evidence of a Meow attack that wiped out more than half the data. Subsequent attacks wiped out even more.
The 30TB of data consisted of 12 billion records that were mostly tweets and posts from blogs and social media:
- Over 6.5 billion tweets
- Almost 5 billion records labeled “social”, which seemed to be all tweets
- Over 1 billion social posts across different blogs and websites
The researchers reached out to Polecat on October 30 and again on November 1, also reaching out to OVH on that date.
The server was secured on November 2 and the team got a response on that date.
You can read more on WizCase.
So why wait until now to disclose the leak? WizCase did not really explain the delay in reporting.
DataBreaches.net sent an inquiry to Polecat about their retention of data, but has received no reply as yet. Their privacy policy, however, says:
Please contact Polecat if you would like your personal information removed from our systems.
So if everyone emails privacy[at]polecat[dot]com to request that they delete any tweets or posts involving you, will they do it?