Email threads between specific users could be seen, but it is worth noting that only the metadata was involved, and neither subject lines or email body content was exposed.
A day after the discovery, Shanghai Jiao Tong University was notified of the open server. To the institution's credit, the leak was plugged within 24 hours.
"While searching Shodan, I recently discovered an ElasticSearch database without any authentication," Paine said. "This database contained metadata related to a huge amount of emails. I would like to thank the university's security team for their prompt action to secure this data once notified. As far as I am aware they have not notified the impacted students though."
Shodan is becoming a common factor in researchers discovering open, unsecured databases and servers. Earlier this month, researchers from vpnMentor found an open database which exposed 85.4GB in security audit logs belonging to major hotel chains and independent resorts via a property management company.