On October 21, 2022, Reuters Corporation has exposed over three terabytes of private as well as corporate information on a public database called ElasticSearch that contains updated information from thousands of corporations, allowing hackers the accessibility of discovering mistakes within hours. It is stated by Cybernews that content from the databases, includes “plaintext passwords to third-party servers and logging data collected through user-client interactions” (Security Affairs).
The corporation assists and provides services to companies such as online editorial, research services, and tax automation.
Elasticserch has over 6.9 million logs of data. The information collected in this public database includes but are not limited to:
- Specific legal information about individuals and businesses
- Internal screening of platforms such as YouTube
- Login and password reset logs
This isn’t the first time that Reuters had an issue with cybersecurity and data leaks. There was once an issue where data from Reuters was found on IoT devices connected to the internet, where private data is still accessible today.
It is also stated by Cybernews, that private information was accessible to the public since October 21st, and was open for almost three days until the mistake was discovered. Additionally, this leak is alarming because hackers will be able to utilize company’s passwords associated with Reuters, which will allow hackers to attack companies for ransom.
Here is some additional information that should be brought to your attention.
- Thomson Reuters has now closed access to the data.
- The company has also begun to notify companies.
- The company's acquired information could potentially be sold through criminal forums for millions of dollars.
The Infiniwiz technical team takes a proactive approach to your cyber security.
Stay updated and alert on this leakage, as this is an ongoing issue at hand.