IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Terrorists and politicians exposed by Dow Jones data leak

2.4m records left exposed on unsecured AWS server

A Dow Jones watchlist of more than 2.4 million entities that its clients should consider 'high-risk' has been inadvertently leaked to the public, thanks to an incorrectly configured and unsecured Elasticsearch database.

The database, which was hosted on AWS, was discovered by Bob Diachenko, a security researcher who has previously identified similar data breaches involving Veeam and contact aggregator Diachenko wrote that the list was "sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look".

The watchlist in question is a database of individuals and companies that Dow Jones considers 'high-risk' - which in this case refers to their potential links to terrorism or organised crime. Doing business with such entities can carry high penalties if they are under official sanctions, and financial institutions use lists like this to ensure they do not run afoul of anti-money laundering and counter-terrorist financing regulations.

Individuals and companies contained in the database include government officials and politicians, suspected terrorists and perpetrators of major financial crimes. According to TechCrunch, the profiles included a varying range of details personal details like names, ages, geographic locations and sometimes photographs, alongside detailed notes culled from sources such as news reports, government filings and EU and UN data.

"In other words, it contained the identities of government officials, politicians and people of political influence in every country of the world," Diachenko wrote. "What makes this data so much more valuable is the focus on premium and reputable sources. In the age of fake news and social engineering online it is easy to see how valuable this type of information would be to companies, governments, or individuals."

A Dow Jones spokesperson said that the data, which is part of their risk and compliance offering, was no longer available, saying: "This data is entirely derived from publicly available sources. At this time our review suggests this resulted from an authorized third party's misconfiguration of an AWS server, and the data is no longer available."

Unsecured Elasticsearch databases have been behind a number of data breaches recently, including one involving 32 million Sky Brazil customers. Hackers have also been targeting Elasticsearch clusters in an apparent attempt to implant victims' machines with malware. Watchlists have also been something of a security risk; Thompson Reuters suffered a breach of its own watchlist in 2016 which exposed 2.2 million records.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022