On March 2nd, 2019, I have discovered an open and unprotected Elasticsearch cluster which contained 257,287 legal documents labeled as ‘not designated for publication‘. The research was part of our initiative to identify and alert organizations that are misconfiguring noSql databases, such as MongoDB, CouchDB, Elasticsearch etc.

https://securitydiscovery.com/a-legal-analytics-company-exposed-passwordless-database-with-sensitive-documents/