From infosecurity-magazine.com
Billions of email addresses and plain text passwords have been leaked online by an unnamed party, putting countless internet users at risk from credential stuffing and other attacks.
Security researcher Bob Diachenko discovered the unsecured Elasticsearch database on December 4, although it was first indexed by the BinaryEdge search engine and therefore publicly available from the very start of the month.
After he notified the US-based ISP hosting the IP address, access to the database was eventually disabled on December 9, giving potential hackers more than enough time to harvest the trove of log-in data.