[developer2]

Yep, that's an indication of Elasticsearch being used (and not transforming documents to a standard representation that strips such fields).

[ashtonkem]

It seems like they basically just exposed a lot of data directly, as apparently most of their APIs didn’t enforce any authentication or hide records that had been soft deleted.

Apparently the records were strictly sequential, which I don’t believe is true for Mongo which IIRC includes the node ID in part of it.