2.4 Million Dow Jones High-Risk Watchlist Records Exposed
More than 2.4 million records potentially compromised in recent data exposure.
An exclusive Dow Jones & Co. watchlist of more than 2.4 million high-risk individuals and entities was unintentionally exposed through a misconfigured, unsecured Elasticsearch database hosted on Amazon Web Services.
The database was discovered Feb. 22, 2019 by security researcher Bob Diachenko, who found it after a third-party company left it open without a password. “Used by eight of the world’s ten largest, global, financial institutions Dow Jones Watchlist is statistically proven to be the most accurate, complete, and up-to-date list of senior PEPs (politically exposed persons), their relatives and close associates,” Diachenko wrote.
The database was left sitting on a public Elasticsearch cluster 4.4GB in size, available to anyone who knew where to look. The indexed, tagged and searchable list of 2,418,862 records (some sources place the exposed records as high as four million) included current and former politicians, individuals with alleged criminal histories and possible terrorist links, and companies under sanctions or convicted of financial crimes. The exposed records included names, addresses, locations, birthdates, genders, whether the person is deceased or not, and in some cases, photographs.
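The failure described above is a node whose HTTP API answers on a public interface with no authentication. The following script is an added example, not code from the article or from Dow Jones, showing the two checks a practitioner would run: classify the reply to a credential-less GET on the Elasticsearch port, and lint an elasticsearch.yml for the settings that produce that reply. All sample responses and config snippets are constructed for the example (the doc count reuses the article's figure); the hostnames, cluster names and the assumption that security is absent when `xpack.security.enabled` is not set (the pre-8.x default) are the example's own.

```python
#!/usr/bin/env python3
"""Added example (not from the article): audit an Elasticsearch node for an
HTTP API bound to a public interface with no authentication."""
import json
import urllib.error
import urllib.request
from typing import Any, Dict, List, Optional, Tuple

# Interfaces on which an unauthenticated node is not reachable from outside the host.
LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def probe(host: str, port: int = 9200, timeout: float = 5.0) -> Tuple[Optional[int], str]:
    """Send one GET with no credentials to the root endpoint of a node you own.
    Returns (status, body); status is None when nothing answered.
    Network call, so the offline checks below do not use it."""
    try:
        with urllib.request.urlopen(f"http://{host}:{port}/", timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 401/403 are still useful answers
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def classify(status: Optional[int], body: str) -> str:
    """'exposed': cluster metadata came back without credentials.
    'auth_required': the node or a proxy in front of it demanded credentials.
    'unreachable' / 'unknown' otherwise."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth_required"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "unknown"
        # The root endpoint of a real node always carries these two keys.
        if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
            return "exposed"
    return "unknown"


def summarize_indices(cat_indices_body: str) -> List[Dict[str, Any]]:
    """Reduce /_cat/indices?format=json (a JSON list of rows) to name, doc count, size,
    which is what a responder needs first to size the exposure."""
    rows = json.loads(cat_indices_body)
    return [{"index": r["index"],
             "docs": int(r.get("docs.count") or 0),
             "size": r.get("store.size", "?")} for r in rows]


def audit_config(yaml_text: str) -> List[str]:
    """Flag settings that make the HTTP API reachable without credentials.
    Handles the flat 'key: value' form elasticsearch.yml normally uses."""
    settings: Dict[str, str] = {}
    for line in yaml_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if ":" in line:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip().strip("\"'")
    findings: List[str] = []
    host = settings.get("network.host", "_local_")    # ES binds loopback when unset
    if host not in LOOPBACK:
        findings.append(f"network.host={host}: HTTP API bound to a non-loopback interface")
    # Assumption: absent means disabled, which was the default before 8.x;
    # confirm against the running version's defaults.
    if settings.get("xpack.security.enabled", "").lower() != "true":
        findings.append("xpack.security.enabled is not true: no authentication on the HTTP API")
    return findings


# Constructed sample data; not captured from the incident.
SAMPLE_ROOT = json.dumps({"name": "node-1", "cluster_name": "search-prod",
                          "version": {"number": "6.5.4"}, "tagline": "You Know, for Search"})
SAMPLE_CAT = json.dumps([{"index": "watchlist", "docs.count": "2418862", "store.size": "4.4gb"}])
WEAK_YML = "cluster.name: search-prod\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
FIXED_YML = "cluster.name: search-prod\nnetwork.host: 127.0.0.1\nxpack.security.enabled: true\n"

if __name__ == "__main__":
    print(classify(200, SAMPLE_ROOT))        # exposed
    print(classify(401, ""))                 # auth_required
    for row in summarize_indices(SAMPLE_CAT):
        print(row)
    print(audit_config(WEAK_YML))            # two findings
    print(audit_config(FIXED_YML))           # []
```

Against a live host you own, `classify(*probe("10.0.0.5"))` gives the verdict; a `"exposed"` result followed by `summarize_indices` on `/_cat/indices?format=json` tells you what a stranger could already have read. The config lint is deliberately conservative: binding to loopback or putting the node behind an authenticating proxy is the fix, and a node that merely sits in a security group is one rule change away from the state described in the article.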
In a letter published by its sister publication, The Wall Street Journal, Dow Jones said, “To date, our extensive review has not uncovered any direct evidence that information was stolen, and we have taken steps to stop the unauthorized access.”
Multiple security experts weighed in on the incident.
“This security lapse from the Dow adds to a growing list of organizations in 2019 that have left Elasticsearch servers unprotected, therefore exposing massive quantities of proprietary data,” Chris DeRamus, CTO, Arlington, Va.-based DivvyCloud, said. “Dow Jones suffered a similar cloud storage misconfiguration two years ago that exposed the information of 2.2 million customers.” DeRamus added that organizations must balance their use of the public cloud, containers, hybrid infrastructure and more with proper security controls.
Carl Wright, chief compliance officer of San Diego-based AttackIQ, observed, “This data breach is particularly egregious for both the lack of very basic protection, a password, and the extremely high degree of sensitivity of the data. There may be people on the list that are innocent, and the risky individuals are now aware they are on the list and can change their tactics to avoid detection in the future.”
Wright suggested that because such leaks are often caused by gaps in security programs that can be easily detected and prevented, organizations must take a proactive approach to protecting their data through continuous evaluation of their existing security controls.
Anurag Kahol, chief technology officer and founder of Campbell, Calif.-based Bitglass, said, “Leaving this information unprotected is both careless and irresponsible – as is failing to address the issue in detail with the public. While all organizations need to defend their data, Dow Jones, in particular, must adhere to the highest of security standards – the type of information that they collect, store, and share demands it.”
The onus is on the enterprise to secure access to the data that is being stored within the platform. “At the most basic level, this requires the use of a password (although this alone is not sufficient for cybersecurity),” Kahol also said.
“The lists of politically exposed persons, terrorists and convicted cybercriminals are compiled and curated from a variety of third-party databases,” said Robert Prigge, president of Palo Alto, Calif.-based Jumio. He noted that because these lists are used by a variety of companies, including Dow Jones, Thomson Reuters (now Refinitiv) and ComplyAdvantage, and contain the names of politically exposed persons and known criminals, the effect on the average person will probably be smaller.
Jake Olcott, VP at Boston-based BitSight, said, “It’s no wonder that third-party risk has become the most significant cyber issue for organizations around the globe. More outsourcing has created more risk.”
Additionally, Todd Peterson, identity and access management evangelist at Aliso Viejo, Calif.-based One Identity, said, “Compliance doesn’t care who you are. Even the bad guys’ personally identifiable information is subject to regulatory oversight. How are they going to do their ‘jobs’ if everyone knows who they are?”
Kevin Gosschalk, CEO of San Francisco-based Arkose Labs, warned, “The concerning trend of large-scale data breaches is how easy it has become for cybercriminals to weaponize the exposed data with automation in credential stuffing attacks – putting millions of people at risk.” Gosschalk added that companies must discover, track, and monitor their attack surface.
Jonathan Deveaux, head of enterprise data protection at comforte AG, commented: “Dow Jones & Co. is yet another example of a company that has failed its customers without taking proper security measures – and twice now. Really, it’s a classic case of a company wanting to invest in the cool technology, in this case Elasticsearch and AWS S3 buckets, but not understanding the security ramifications of that technology.”
Deveaux explained that organizations need to adopt data-level security to protect their data wherever it may exist and whoever may be managing it on their behalf.