This post is also available in:
עברית (Hebrew)
A massive data leak exposing millions of personal records of Georgian citizens has raised significant concerns over data security and privacy. Discovered by cybersecurity expert Bob Dyachenko and Cybernews, the leak involved an unsecured Elasticsearch index, which was hosted on a server by a Germany-based cloud provider. The data, which was publicly accessible for a brief period, included highly sensitive personal details about Georgian citizens, leaving many at risk of identity theft and other malicious activities.
The leak revealed two major indices containing personal data. One index held nearly five million individual records, while another contained over seven million phone numbers linked to personal information. For context, Georgia’s population is approximately four million, suggesting the presence of duplicate or even posthumous entries. The exposed data included phone numbers, ID numbers, full names, birthdates, and more.
According to the report on Cybernews, Dyachenko noted that the data likely originated from multiple sources, possibly including government and commercial datasets, as well as number identification services.
After the leak was discovered on October 4th, 2024, the server was quickly taken offline by the cloud service provider, and public access was closed by October 7th. Despite the swift removal of the data, the breach remains troubling, especially given the potential for malicious exploitation.
According to Dyachenko, in a volatile geopolitical environment, the leaked information could be exploited by both state-sponsored actors and cybercriminals for various malicious purposes. From political manipulation and disinformation to identity theft and fraud, the personal data could be used to target individuals, spread misinformation, or even disrupt public trust.
Experts recommend that data handlers enforce stronger authentication and encryption measures to prevent unauthorized access to sensitive information. With little clarity on the origins and regulatory compliance of the data, Dyachenko urges further investigation into the breach and calls for enhanced data protection practices to safeguard personal privacy in the future.
