Because of a configuration error in Amazon Web Services, the company exposed highly sensitive information
According to network security and ethical hacking specialists from the International Institute of Cyber Security, Dow Jones has become the most recent victim of confidential information exposure due to configuration errors of its cloud storage service. According to reports, a poor configuration on its platform at Amazon Web Services (AWS) resulted in the company’s critical information leaking.
Bob Diachenko, an independent network security specialist, discovered the huge set of compromised Dow Jones information in an Elasticsearch cluster. According to the investigator, the compromised information consists of about 4 GB of company data, and was available for the public access to anyone with sufficient knowledge to access these online leaks.
The network security expert highlights that the dataset contains about 2.5 million records showing confidential information, such as:
- Information related to politically exposed people, their relatives, close associates and associated companies
- Lists and categories of sanctions from national and international governments
- Persons who are officially linked or charged with serious crimes
- Notes made by Dow Jones
“The list includes politically relevant characters, citizens with criminal history, and possible links to terrorist organizations, and even companies sanctioned for high-profile financial crimes”, mentions a statement from an authority Regulatory in the public relations market. Exposed records include names, addresses, location data, birth dates, genres, and even photographs.
A Dow Jones official pronouncement is still expected.