Containing more than 8TB of data along with about 7.4 billion records; the database was hosted on an Elasticsearch server owned by a French company named Pony Telecom.
The data visible included:
- Full names
- Home Addresses
- Passwords for new users, in cleartext and hashed with md5
- Countries of residence and zip code
- IP addresses
- Internal server access tokens
The exposed user data could be used by hackers to pursue identity theft and various forms of fraud against those whose information was leaking. Combining a user’s email address, personal details, and more, hackers would have ample opportunities to pursue financial, tax, insurance fraud, and much more.