Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Thomson Reuters Terrorism Database Leaked Online

An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.

An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.

Over the past months, researcher Chris Vickery has identified many misconfigured databases that exposed hundreds of millions of user records online. Earlier this week, the expert revealed that he discovered an older copy of Thomson Reuters’ controversial World-Check database.

World-Check is a global risk intelligence database that financial institutions, governments, law enforcement and intelligence agencies can use to “uncover hidden risks in business relationships and human networks.”

The database, compiled based on publicly available information by over 350 research analysts, covers financial crimes, terrorism, sanctions, organized crime, and politically exposed persons. Thomson Reuters says only vetted entities are given access to World-Check.

The terrorism section of the database is the most controversial as it has been found to include important charities and religious institutions. While Thomson Reuters has advised customers not to rely solely on this data when making a decision, many people have been concerned about its impact on individuals and organizations.

Vickery discovered that a third party left an unsecured copy of the database online. The copy he accessed and downloaded is from mid-2014 and includes the names of 2.2 million people and organizations. The researcher discussed his findings on Reddit, where he asked users if he should make the information public.

“No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time,” Vickery said.

The expert notified Thomson Reuters about the unprotected database and the mass media giant ensured that the third party responsible for the leak addressed the issue.

This was not the first time Vickery found an exposed database storing a large number of records. In December 2015, the researcher discovered some databases containing information on hundreds of millions of U.S. voters.

Related: Misconfigured Database Exposed Microsoft Site to Attacks

Related: Database of California Electric Utility Exposed Online

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...