Connect with us

Hi, what are you looking for?


Cloud Security

Millions of Dow Jones Customer Records Exposed Online

American news and financial information firm Dow Jones & Company inadvertently exposed the details of millions of its customers. The data was found online by researchers in an Amazon Web Services (AWS) S3 bucket that had not been configured correctly.

American news and financial information firm Dow Jones & Company inadvertently exposed the details of millions of its customers. The data was found online by researchers in an Amazon Web Services (AWS) S3 bucket that had not been configured correctly.

Chris Vickery of cyber resilience firm UpGuard discovered on May 30 an AWS data repository named “dj-skynet” that appeared to contain the details of 4.4 million Dow Jones customers. Dow Jones disabled access to the files only on June 6.

The files included names, customer IDs, physical addresses, subscription details, the last four digits of credit cards and, in some cases, phone numbers belonging to individuals who subscribed to Dow Jones publications such as The Wall Street Journal and Barron’s.

One of the exposed files stored 1.6 million entries for Dow Jones Risk and Compliance, a risk management and regulatory compliance service for financial institutions.

According to UpGuard, the data was accessible because Dow Jones employees had configured the repository’s permissions to allow access to anyone with an AWS account. There are over one million Amazon cloud users and anyone can register an account for free.

Dow Jones confirmed the data leak, but claimed only 2.2 million of its customers were affected, not 4.4 million as UpGuard claims. The security firm has admitted that there could be some duplicate entries.

It’s unclear if affected customers will be notified, but in a statement to The Wall Street Journal the company downplayed the incident, arguing that there is no evidence the data was taken by anyone else and the exposed information does not pose a significant risk to users.

UpGuard disagrees and points out that the data could be highly valuable to malicious actors for phishing and other social engineering schemes.

Advertisement. Scroll to continue reading.

In recent weeks, the security firm reported finding exposed databases storing data belonging to the U.S. National Geospatial-Intelligence Agency (NGA), American voters, and Verizon customers. Unprotected Amazon S3 buckets were involved in all incidents.

“Yet another demonstration of how services such as AWS are missing basic steps that ensure their data and services are configured in a secure fashion,” Bitglass CEO Rich Campagna told SecurityWeek.

“It’s seems like a no-brainer to implement data-centric security tools on any sensitive information that could get out to the public. This approach could ensure that cloud services deny unauthorized access, and organizations could take it one step further and encrypt sensitive data at rest,” Campagna added. “Companies like Dow Jones, Verizon and anyone else using the public cloud for their infrastructure can easily enforce policies that require internal teams and third-parties to adequately protect any customer data that touches the cloud.”

Related: Dow Jones Suffers Data Breach

Related: Suspect Arrested in JPMorgan, Dow Jones Data Theft Case

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.