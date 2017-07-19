Two million Dow Jones customer details exposed via cloud

Wednesday 19 July 2017  | Comment Now
Two million Dow Jones customer details exposed via cloud

Personal details and some credit card info were vulnerable to hackers.

At least two million Dow Jones customers have had personal details exposed online via an unsecured cloud file repository.

Dow Jones, which owns the Wall Street Journal, confirmed to cyber security firm UpGuard that at least 2.2 million customers were affected, though UpGuard estimates the number to be closer to four million accounts.

The exposed information included the names, addresses, account information, email addresses, and last four digits of credit card numbers.

There were also 1.6 million exposed entries in a collection of databases known as "Dow Jones Risk and Compliance", which are subscription-based programmes used by financial institutions to understand how to be compliant with anti-money laundering regulations.

The data was found on an Amazon Web Services (AWS) S3 bucket, and had been configured to allow any AWS "Authenticated Users" to download the data. Amazon defines an authenticated user as any person with an AWS account, of which there are over a million users, and is free to sign up to.

Dan O'Sullivan, cyber resilience analyst at UpGuard, stated that the unsecured information "would be of use to any spammers or digital marketers, but could also be used [for a] far more malign effect". Malicious actors, for instance, could use the information for phishing, pretending to be from the Wall Street Journal and telling customers their account had been compromised or that there was a problem with their subscription.

Dow Jones isn't the only company to have exposed customer details online via an AWS server - a Verizon data breach last week saw six million customer records compromised on an unprotected AWS S3 storage server. Each record included the customer's name, mobile number, and account PIN as well as their home and email address, and Verizon account balance.

Verizon stated that there was no loss or theft of Verizon customer information and that "the overwhelmingly majority of information in the data set had no external value, although there was a limited amount of personal information included".

Meanwhile, the WWE exposed three million fans' accounts online in the same manner, and the AA also suffered a similar fate.

 

This article originally appeared at itpro.co.uk

Related Articles

Source: Copyright © ITPro, Dennis Publishing

See more about:  breach  |  cloud  |  dow jones  |  security
 
 
Latest articles on BIT Latest Articles from BIT
Project management applications compared
18 Jul 2017
Need help keeping track of projects, tasks and teams? We help you select the right app for your ...
Scammers target Origin Energy customers yet again
17 Jul 2017
A security provider has warned of a fourth malware campaign masquerading as electricity bills.
Cybersecurity accelerator starts up
17 Jul 2017
CyRise is looking for startups to join its first six-month program in Melbourne.
Which tech companies can be trusted with your data?
12 Jul 2017
A new report reveals the companies doing a good job of protecting users from snooping governments...
The Road to IT Maturity
11 Jul 2017
How governance can help IT leaders drive change and innovation rapidly – and safely.

Latest Comments

Powered by Disqus

From our Partners

PC & Tech Authority Downloads
 
 
 