Dow Jones & Company has accidentally leaked the personal details and financial information of at least 2.2 million of its customers, but security experts believe this number is said to increase.

Security researchers at UpGuard found that a cloud-based file repository had been misconfigured to allow semi-public access to 2.2 million customers, however, UpGuard believes the number may be as high as 4 million.

The leak was revealed on May 30 and the database was secured by June 6, however, Dow Jones made little to no effort to notify customers of the incident, aside from an article published in the Journal on July 16 covering the leak. It’s of utmost importance that any organization who experiences a breach notifies their customers immediately to allow their customers to quickly act to protect their personal and financial information.

The leaked data includes the names, addresses, account details, email addresses, and the last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal. 1.6 million entries in the suite of databases Dow Jones Risk & Compliance were also leaked. These programs are used heavily by financial organizations for compliance with anti-money laundering regulations.

The exposed repository, an Amazon Web Services S3 bucket, had been configured through the permissions settings to allow any AWS ‘Authenticated User’ to download the data via the repository’s URL. Small problem with that: by Amazon's definition, an ‘Authenticated User’ is ‘any user that has an Amazon AWS account’, allowing millions of users to register with AWS to access this information for free.

 

Read this article on InfoSecurity Magazine

 

 

 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.