Cyber Incident Victim: Polecat
Date: Oct 2020
Location: United Kingdom
Summary
A UK analytics firm, Polecat, exposed approximately 30TB of sensitive data through an unsecured Elasticsearch server, containing 12 billion records primarily consisting of tweets and social media posts. Following discovery by cybersecurity researchers, the unprotected server suffered multiple attacks including a Meow incident that erased over half the stored information; subsequent breaches further compromised remaining data. The company secured the server several days after initial researcher notifications, though significant data loss had already occurred.
Description
On October 29, 2020, cybersecurity researchers from WizCase discovered a publicly accessible Elasticsearch server belonging to Polecat, a U.K.-based reputation risk intelligence and analytics firm. The unsecured server contained approximately 30 terabytes of data comprising 12 billion records, predominantly consisting of social media posts and blog entries. This dataset included over 6.5 billion tweets, nearly 5 billion additional records categorized as "social" (appearing to duplicate the tweet collection), and more than 1 billion posts scraped from various blogs and websites. The exposure occurred shortly before the 2020 U.S. Election, and researchers noted that during this period Polecat appeared to have conducted election-related analysis similar to its 2016 U.S. Presidential Election prediction work.

On October 30, within 24 hours of the discovery, attackers executed a Meow attack on the server, erasing more than half of the exposed data. Subsequent unauthorized access events resulted in further data destruction. WizCase attempted to notify Polecat about the breach on October 30 and November 1, and also alerted OVH, the hosting provider, on November 1. Polecat secured the server on November 2, coinciding with its first response to the researchers. The company did not reply to inquiries from DataBreaches.net regarding its data retention practices, though its privacy policy stated it would remove personal information upon request via a designated email address. The incident resulted in irreversible data loss from malicious attacks and created potential privacy risks due to the exposure of billions of social media records containing personal information. WizCase did not disclose why it delayed public notification of the breach until its report was published.
