An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.
Over the past months, researcher Chris Vickery has identified many misconfigured databases that exposed hundreds of millions of user records online. Earlier this week, the expert revealed that he discovered an older copy of Thomson Reuters’ controversial World-Check database.
World-Check is a global risk intelligence database that financial institutions, governments, law enforcement and intelligence agencies can use to “uncover hidden risks in business relationships and human networks.”
The database, compiled based on publicly available information by over 350 research analysts, covers financial crimes, terrorism, sanctions, organized crime, and politically exposed persons. Thomson Reuters says only vetted entities are given access to World-Check.
The terrorism section of the database is the most controversial as it has been found to include important charities and religious institutions. While Thomson Reuters has advised customers not to rely solely on this data when making a decision, many people have been concerned about its impact on individuals and organizations.
Vickery discovered that a third party left an unsecured copy of the database online. The copy he accessed and downloaded is from mid-2014 and includes the names of 2.2 million people and organizations. The researcher discussed his findings on Reddit, where he asked users if he should make the information public.
“No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time,” Vickery said.
The expert notified Thomson Reuters about the unprotected database and the mass media giant ensured that the third party responsible for the leak addressed the issue.
This was not the first time Vickery found an exposed database storing a large number of records. In December 2015, the researcher discovered some databases containing information on hundreds of millions of U.S. voters.
Related: Misconfigured Database Exposed Microsoft Site to Attacks
Related: Database of California Electric Utility Exposed Online