f in x
Nextcloud leaks 367K records: misconfigured database exposes staff and client data
> cd .. / HUB_EDITORIALE
News

Nextcloud leaks 367K records: misconfigured database exposes staff and client data

[2026-07-09] Author: Meteora Web Redazione
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

A misconfigured ElasticSearch cluster belonging to European cloud provider Nextcloud exposed approximately 367,000 records containing sensitive internal and client data. Discovered in mid-May 2026 by Cybernews researchers, the breach highlights the risks of cloud hosting misconfigurations, even for companies specializing in private cloud services.

The exposed archive contained 8 GB of contracts, scripts, and employee details

The unprotected database included 71,000 PDF files, 53,000 PNG images, and 23,000 MD files, totaling 8 GB. Among the exposed data were employee email addresses, client company names and addresses, contracts, and custom-built scripts. Some information was left unencrypted, making it accessible to anyone who knew the cluster's address. Nextcloud, known as an open-source alternative to Google Drive and Microsoft 365, responded within two days by securing the database and notifying relevant authorities.

Sponsored Protocol

Nextcloud response: no evidence of unauthorized access detected

The company attributed the incident to a hosting infrastructure misconfiguration, emphasizing that customer cloud servers were not affected. A spokesperson stated: 'The issue was caused by a misconfiguration of our hosting infrastructure and is not related to the Nextcloud solution. No other Nextcloud servers belonging to our customers, partners or other users have been affected by this issue.' However, Cybernews researchers warned that if their team discovered the exposed dataset, malicious actors using automated bots could have done the same, potentially stealing data before the database was locked down.

Sponsored Protocol

Data security implications for European cloud providers

This incident underscores the critical importance of proper database configuration and access controls, even for established companies. As global tech competition intensifies, data protection becomes paramount. The lack of authentication and encryption on sensitive data repositories poses a severe risk to both companies and their clients. Security experts recommend regular audits and stringent access policies to prevent such breaches.

Nextcloud has since strengthened its security measures, but the incident raises questions about transparency and responsiveness in the cloud industry. For more details, refer to the original TechRadar article that first reported the breach.

Sponsored Protocol

In an era where data is a prime asset, even cloud giants can fall victim to configuration errors. The lesson for businesses is clear: security is not just about software but also about processes and staff training. As highlighted in the case of inventory management, attention to detail prevents losses; similarly, in cloud computing, careful configuration can mean the difference between secure service and a data leak.

Source: https://www.techradar.com/pro/security/nextcloud-leaks-367k-records-european-cloud-giant-exposes-staff-and-clients-in-major-breach

Meteora Web Redazione

> AUTHOR_EXTRACTED

Meteora Web Redazione

La redazione di Meteora Web Agency: ingegneri informatici e professionisti del digitale che pubblicano ogni giorno news e approfondimenti su tecnologia, software, marketing e innovazione.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()