
Data leak on Europol terrorism investigations - mercora
http://www.reuters.com/article/us-europol-cyber-idUSKBN13P0M6
======
atom_enger
This isn't that uncommon, unfortunately. You'd be surprised what you can find
out there that's waiting to be taken by the wrong person if you use a tool
like masscan to scan large portions of the internet quickly. Search default
ports for elasticsearch, mongo.. etc. It's scary how easy it is to find these
and set these databases up with insecure defaults. Question is, how do you go
about safely reporting this especially when you find this kind of data? I
blame operator ignorance and service provider insecure defaults(I'm looking at
you AWS Elasticsearch).

~~~
sadfsdfsadfsd
I've encountered flaws, reported them, and then received vague legal threats.
Fortunately, I used a disposable email.

