Thing is that this (or similar) data has been sitting in an open Elasticsearch cluster at least since April 2025. The company did not care about closing it, despite my alerts. See below (don't be distracted by 'raaga-users' numbers, other collections contain sensitive data too, hence 10M).
Is anyone still here? Please reply to this thread to let me know if it is still worth publishing reports/news on this platform as I have almost migrated to LinkedIn.
This is NOT a single source. It's not about the number (scary!), but the scale and rise of infostealer infections today. What this number reflects is the size of different infostealer logs exposed publicly since the beginning of this year alone. https://t.co/L1gPBeE2pu
China is leaking data like no other country in the world recently. We register it all and analyze thoroughly. Read more about our latest find, if you missed it: https://t.co/0tA6J08qVD
It's been more than 3 years but this post keeps popping up and my DM is full of requests from people who think they are on this list. Let me assure you, you are not. There's been a development since then regarding the owner of this list.
Apparently, this is the TSC (Terrorist Screening Centre) dataset publicly exposed (tsc_id is the only clue), with 1.9M+ records. In any case, any thoughts as to where to responsibly report?
Apparently, it was very limited and was part of The Kingdom of Bahrain's Joint Counter Terrorism Centre (JCTC) responsible for gathering and analysing information regarding terrorist organisations and affiliated individuals.
"In order to prevent the collection of information about critical vulnerabilities of resources, the indexing of personal data, and the use of the collected information in foreign machine learning and analysis models".
Interesting. Here is the list of recommended website configuration sent by the Russian "Center for Monitoring and Managing the Public Telecommunications Network" to the critical infrastructure enterprises. In total, 653 search bots and crawlers are to be blocked.
Raysharp also provided a really weird comment when asked about the exposure which I would like to bring up here:
“Elasticsearch is an open-source log service system, with port 9500 only used for log queries during product development. Under normal circumstances, it is not necessary to use it. Only when there is an abnormality in the product, it is necessary to query the product log through port 9500 to assist in locating the problem. At present, the service on port 9500 is temporarily suspended. After resolving the issue of this vulnerability, it can be opened again”.
Recently I reported a very interesting leak related to Raysharp (a Chinese manufacturer of video cameras, recorders, and other surveillance products). While it may not be a household name in every corner of the world, it has established itself as a reputable provider of security surveillance solutions in certain regions or markets, such as Russia, for example. Thread below:
Raysharp has its production server with filebeat logs exposed where more than 3 billion (!) records are stored. Of course, it was not super sensitive as passwords or even emails, but still - these data points could tell someone a good story:
We are working with @cybersecdawg and @4353_37 on a project that should help companies quickly respond to the fast-growing issue with API key leaks. Unfortunately, @Shopify, @stripe, @PayPal and other industry players underestimate this problem and prefer not to mention numerous exposures (and not all of them re-surface on greyweb forums, most are privately sold).
Confirmed speaker! Bob is a security researcher and journalist, gaining a reputation as one of the most respected security analysts today. Get your ticket for the 10th anniversary edition of Mind The Sec! Link: https://t.co/L3tZNA1efd