Because of a configuration error in Amazon Web Services, the company exposed highly sensitive information
According to network
security and ethical hacking specialists from the International
Institute of Cyber Security, Dow Jones has become the most recent victim of
confidential information exposure due to configuration errors of its cloud
storage service. According to reports, a poor configuration on its platform at Amazon
Web Services (AWS) resulted in the company’s critical information
leaking.
Bob Diachenko, an independent network security
specialist, discovered the huge set of compromised Dow Jones information in an
Elasticsearch cluster. According to the investigator, the compromised
information consists of about 4 GB of company data, and was available for the
public access to anyone with sufficient knowledge to access these online
leaks.
The network security expert highlights that the
dataset contains about 2.5 million records showing confidential information,
such as:
- Information
related to politically exposed people, their relatives, close associates and
associated companies - Lists
and categories of sanctions from national and international governments - Persons
who are officially linked or charged with serious crimes - Notes
made by Dow Jones
“The list includes politically relevant
characters, citizens with criminal history, and possible links to terrorist
organizations, and even companies sanctioned for high-profile financial crimes”,
mentions a statement from an authority Regulatory in the public relations
market. Exposed records include names, addresses, location data, birth dates,
genres, and even photographs.
A Dow Jones official pronouncement is still
expected.