An open Elasticsearch instance has exposed more than 5 billion records in an incident discovered on March 16. The data in two Elasticsearch collections appears to be information on data breaches collected by a UK-based research firm from 2012 to 2019. The structured data includes extensive information on the breaches, including domain, source, contact email address, and password. While many of the incidents appear to have been public knowledge, some of the information in the database is not and therefore could present at least an enhanced phishing risk for victims.”]