A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records, was exposed on the internet.
In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.
The 1.9 million-strong recordset contained sensitive information on people, including their names, country of citizenship, gender, date of birth, passport details, and no-fly status.
The exposed server was indexed by search engines Censys and ZoomEye, indicating Diachenko may not have been the only person to come across the list.
The researcher told BleepingComputer that, given the nature of the exposed fields (e.g. passport details and "no_fly_indicator"), it appeared to be a no-fly or a similar terrorist watchlist.
The researcher also noticed some oblique fields, such as "tag," "nomination type," and "selectee indicator," that he did not immediately understand.