Dow Jones has leaked 2.4 million user data through an incorrectly configured Amazon Web Services (AWS) server. That’s what Silicon Angle reports. Dow Jones is a financial company and the Dow Jones Industrial Average is very important for the American stock market.
The leak was discovered by security guard Bob Diachenko. He found the database, which was open to everyone, via an AWS Elasticseach instance. The data contained personal details related to what Dianchenko identified as politicians, people with political influence in each country and civil servants. There were also data related to their family members, close colleagues and companies.
Dow Jones confirmed the leak, but blames others. In contrast to Diachenko, the company states that “our research currently suggests that this is the result of a misconfiguration of an AWS server by an authorized third party, and that the data is no longer available”.
Criticism
However, several people have criticised the leak to Silicon Angle. “Dow Jones had a similar misconfiguration in cloud storage two years ago, draining the information of 2.2 million customers,” says Chris DeRamus, CTO at DivvyCloud.
“It is disturbing that Dow Jones has clearly not taken the right steps to improve his security. Organizations need to be aware of the importance of balancing their use of the public cloud, containers, hybrid infrastructure and proper security controls.”
“Such leaks are often caused by holes in security programs, which are easy to detect and prevent,” adds Carl Wright, CCO at AttackIQ. “Organizations need to take proactive steps to protect their data through continuous evaluation of their existing security, to find gaps before a hacker does so and exploit vulnerabilities.
Anurag Kahol, CTO and founder of Bitglass, calls not securing such information “negligent and irresponsible”. “While all organizations need to protect their data, Dow Jones certainly needs to meet the highest security standards. The type of information they collect, store and share requires that.”
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.