Terrorists and politicians exposed by Dow Jones data leak

Source: SAMI, 13/05/2019


The database, which was hosted on AWS, was discovered by Bob
Diachenko, a security researcher who has previously identified
similar data breaches involving Veeam and contact aggregator
Adapt.io. Diachenko wrote that the list was "sitting on a public
Elasticsearch cluster 4.4GB in size and available for public
access to anyone who knew where to look".

The watchlist in question is a database of individuals and
companies that Dow Jones considers "high-risk" - which in this
case refers to their potential links to terrorism or organised
crime. Doing business with such entities can carry high penalties
if they are under official sanctions, and financial institutions
use lists like this to ensure they do not run afoul of anti-money
laundering and counter-terrorist financing regulations.

Individuals and companies contained in the database include
government officials and politicians, suspected terrorists and
perpetrators of major financial crimes. According to TechCrunch,
the profiles included a varying range of personal details
like names, ages, geographic locations and sometimes photographs,
alongside detailed notes culled from sources such as news reports,
government filings and EU and UN data.

"In other words, it contained the identities of government
officials, politicians and people of political influence in every
country of the world," Diachenko wrote. "What makes this data so
much more valuable is the focus on premium and reputable sources.
In the age of fake news and social engineering online it is easy
to see how valuable this type of information would be to
companies, governments, or individuals."

A Dow Jones spokesperson said that the data, which is part of
their risk and compliance offering, was no longer available,
saying: "This data is entirely derived from publicly available
sources. At this time our review suggests this resulted from an
authorized third party's misconfiguration of an AWS server, and
the data is no longer available."

Unsecured Elasticsearch databases have been behind a number of
data breaches recently, including one involving 32 million Sky
Brazil customers. Hackers have also been targeting Elasticsearch
clusters in an apparent attempt to implant victims' machines with
malware. Watchlists have also been something of a security risk;
Thomson Reuters suffered a breach of its own watchlist in 2016
which exposed 2.2 million records.

