
Public Elasticsearch Servers Expose 9.8 Billion Credential Records Across Enterprise, Cloud, and AI Platforms 

ID: d724629f-8e7b-5044-a5cb-3d413832acdf

STIX ID: report--d724629f-8e7b-5044-a5cb-3d413832acdf

Feed Name: SOCRadar Blog

Threat Score: 85/100

Date Published: 2026-04-20

Date Updated: 2026-04-30

Author: Ameer Owda


SOCRadar discovered three publicly accessible Elasticsearch instances exposing ~9.88 billion credential records (email/password and URL-linked ULP records). Over half of one dataset’s records were corporate emails, and many records mapped to identity providers (Microsoft, Auth0, Okta), cloud and business platforms, and AI services, enabling large-scale credential stuffing, account takeover, and potential infrastructure compromise. Following responsible disclosure, the servers were secured.
