Contents:
Thomson Reuters, a multinational media conglomerate, left at least three of its databases open which resulted in the leak of at least 3TB of sensitive customer and corporate data, including third-party server passwords. The data could be used by threat actors for a supply-chain attack.
One of the databases, the ElasticSearch database, contained at least 3TB of up-to-date sensitive information.
Details About the Leak
The time stamps on the data samples that the researchers examined show that the data was logged lately, with some of the data beings as recent as October 26. According to Cybernews, the logs in the open database contain critical data that might trigger supply-chain attacks if threat actors gain access to them. For example, the dataset contained credentials to third-party servers which were stored in plaintext format, being visible to anyone crawling through the open instance.
The researchers also discovered login and password reset records in the open instance. The logs show the account holder’s email address and the precise time the password change query was submitted, but they do not reveal either the old or new passwords. The database holds more than 6.9 million unique logs.
Cybernews reached out to Thomson Reuters upon discovering the leaking database. Upon notification, the company took down the open instance immediately. The company’s representative explained that the servers contain information needed to operationally support the platform.
Two of the servers, according to the corporation, are intended for public use, and the third server is a test server for ONESOURCE Global Trade Offering, a Thomson Reuters product. Users can “manage export/import, sanctions screening, and other trade controls activities and related filings” with the use of this tool.
The company started an internal investigation to find the source of the issue. So far, the leading theory suggests that an “isolated error in the product environment resulted in the inadvertent misconfiguration of the non-production environment.”
Thomson Reuters declared that it has begun the process of notifying the affected customers.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.