The Elasticsearch database was left exposed without any security authentication which means it could have been accessed by anyone with access to a web browser, and a valid URL.