Frontier Leaky Logs

Frontier Communications is one of the big players in the internet service provider game with it being classed as the 4th largest in the united states but that doesn't mean a whole great deal when it comes to security.

Last week CTRLBOX Open Data Monitor detected a elastic search server that was not locked behind any authentication at all, the servers DNS was a dead give away as to who owned this as with the entries in the elastic which was full of over 2000 indices (tables) that contained various different types of logs from what appear to be a DDoS and network monitoring system, total size was 3.3GB over 2220 indices.

CTRLBOX Open Data Monitor Showing the Detection

CTRLBOX attempted to contact frontier via the website, however this required that the user be a current customer or at least a US residence, so turning to social media was the next choice and turns out the support on the social media are very helpful. After messaging frontier social media again to find out if any updates and to let them know it was still accessible only to be told that they had forwarded the information to the social media manager and they could not provide any further details however the next day CTRLBOX noticed a email from frontier and it turned out to be the type of email that every security researcher who attempts to notify entities of issues would love to get, Frontier had said thank you and fixed the problem and was grateful for the tip about the issue.

We really appreciate the tip you sent to us  concerning the system log data exposure. We were able to address the  issue due to the information you provided.

So the moral to this is that, if a security researcher reaches out to you, take them serious and give them some appreciation and certainly do not shoot the messenger.