Recently, security researchers carrying out their routine daily scanning and testing found a large database that could be accessed publicly without any authentication. The database was confirmed to be controlled by Shanghai Jiao Tong University. It mainly contains metadata for various emails, such as email addresses and identifiers. The server itself is used only to record metadata, so it does not contain any email bodies or even subject lines, and the potential security risk is relatively low. After the researchers reported the defect to Shanghai Jiao Tong University, the university quickly confirmed and fixed the problem.
The researchers pointed out that the database appears to come from the Zimbra platform, a very popular software package for team collaboration and for building email servers. The exposed database does not contain important information, only metadata such as users' email addresses, IP addresses, and UA strings. The database is also still very active rather than an archive: when the researchers first found it, it was only about 7TB in size.
By the next day the database had grown to 8.4TB, indicating that a large number of users are sending and receiving email or other content through this platform. However, the issue happened to be discovered by the researchers, and the Shanghai Jiao Tong University security team responded very quickly, so it did not cause any data leakage.