Because of a configuration error in Amazon Web Services, the company exposed highly sensitive information
According to network security and ethical hacking specialists from the International Institute of Cyber Security, Dow Jones has become the most recent victim of confidential information exposure due to configuration errors of its cloud storage service. According to reports, a poor configuration on its platform at Amazon Web Services (AWS) resulted in the company’s critical information leaking.
Bob Diachenko, an independent network security specialist, discovered the huge set of compromised Dow Jones information in an Elasticsearch cluster. According to the investigator, the compromised information consists of about 4 GB of company data, and was available for the public access to anyone with sufficient knowledge to access these online leaks.
The network security expert highlights that the dataset contains about 2.5 million records showing confidential information, such as:
- Information related to politically exposed people, their relatives, close associates and associated companies
- Lists and categories of sanctions from national and international governments
- Persons who are officially linked or charged with serious crimes
- Notes made by Dow Jones
“The list includes politically relevant characters, citizens with criminal history, and possible links to terrorist organizations, and even companies sanctioned for high-profile financial crimes”, mentions a statement from an authority Regulatory in the public relations market. Exposed records include names, addresses, location data, birth dates, genres, and even photographs.
A Dow Jones official pronouncement is still expected.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.