An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.
Over the past months, researcher Chris Vickery has identified many misconfigured databases that exposed hundreds of millions of user records online. Earlier this week, the expert revealed that he discovered an older copy of Thomson Reuters’ controversial World-Check database.
World-Check is a global risk intelligence database that financial institutions, governments, law enforcement and intelligence agencies can use to “uncover hidden risks in business relationships and human networks.”
The database, compiled based on publicly available information by over 350 research analysts, covers financial crimes, terrorism, sanctions, organized crime, and politically exposed persons. Thomson Reuters says only vetted entities are given access to World-Check.
The terrorism section of the database is the most controversial as it has been found to include important charities and religious institutions. While Thomson Reuters has advised customers not to rely solely on this data when making a decision, many people have been concerned about its impact on individuals and organizations.
Vickery discovered that a third party left an unsecured copy of the database online. The copy he accessed and downloaded is from mid-2014 and includes the names of 2.2 million people and organizations. The researcher discussed his findings on Reddit, where he asked users if he should make the information public.
“No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time,” Vickery said.
The expert notified Thomson Reuters about the unprotected database and the mass media giant ensured that the third party responsible for the leak addressed the issue.
This was not the first time Vickery found an exposed database storing a large number of records. In December 2015, the researcher discovered some databases containing information on hundreds of millions of U.S. voters.
Related: Misconfigured Database Exposed Microsoft Site to Attacks
Related: Database of California Electric Utility Exposed Online
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
