On December 1st 2018, “Major Ergo” of Pryzrak released the data of her latest victim. This time, Ergo has released 25GB of data belonging to the New York City public taxi system stored with an Amazon cloud. The data, which is assembled in JSON format, includes detailed information such as pickup/dropoff time, date and location, trip length and destination, total number of passengers, fare rates and payment receipts, toll charges, tips, taxes, as well as vendor ID and name.
In a statement online, Major Ergo has informed Rogue Media Labs that she was able to obtain the data through an exposed ElasticSearch server left exposed online, literally the same vulnerability leading to the Sky Brasil data breach/leak earlier this week, exposing the personal data of over 32 million subscribers.
Raw Full Leak: https://hostbin.com/paste/t9kf4e
Leak Example: http://126.96.36.199/nyc_taxis/_search?pretty&q=passenger_count:1
— Major Ergo 🇧🇷 (@ergo_hacker) December 1, 2018
Categories: Hacking News