Records Of Dow Jones Customers Exposed Online

A misconfigured database on an Amazon S3 server exposed the data of about 2 to 4 million Dow Jones & Co. customers, as claimed in a report by Chris Vickery of cyber resilience firm named UpGuard.

 

Dow Jones

 

This leak was discovered on May 30th 2017. Chris Vickery discovered an AWS data repository by the name “dj-skynet”. This repository housed the details of 4.4 million Dow Jones customers. He shut the access to this file only on June 6th 2017. This unprotected file contained sensitive personal and financial details of millions of individuals who had subscribed to Dow Jones publications including the Baron’s & The Wall Street.
Customer names, customer IDs, addresses, subscription details, email IDs, last four digits of credit cards and, in some cases, phone numbers were some of the critical details housed in this file. The most frightening part of this leak was the inclusion of the last four digits of customer’s credit cards and their email addresses.
According to UpGuard, this data was exposed as the Dow Jones employees had misconfigured the access permissions on the repository. This gave access to anyone with an AWS account to the said repository. There are one million plus Amazon cloud users and the fact remains that basic account registration is free. Dow Jones agreed to the leak in their customer data. Though they agreed to the leak but claimed that half of the claimed amount i.e. 2.5 million of its customers were affected. UpGuard admitted to the presence of duplicate entries.

“This was due to an internal error, not a hack or attack “- was the statement given by the Dow Jones official Spokesman.

Dow Jones 2

 

The information was over blown on the Amazon cloud, not the open Internet. UpGuard’s Cyber Risk Team claimed Dow Jones’ response to the exposure “sluggish” and called the company’s response “of great concern”. Considering how vital it is for companies to inform customers of this leak so that the customers can safeguard their information and nullify the possibility of a malicious attack targeting the accounts on the leaked file.

Leave a Reply

Your email address will not be published. Required fields are marked *