Tuesday, July 18, 2017

Dow Jones index – of customers, not prices – leaks from AWS repo

Dow Jones has emulated Verizon by storing several internal databases (including one of Wall Street Journal subscribers) in the cloud without adequately securing them.

The breach was revealed by Chris Vickery of UpGuard and detailed in this post.

This is a very familiar and straightforward breach: someone left a cloud repository configured to provide 'semi-public access', meaning 'the personal and sensitive financial details of millions of corporate clients' were exposed.

"While Dow has confirmed that at least 2.2 million customers were affected, UpGuard estimates the number at 4 million accounts," the post says.

The mistake was an AWS S3 bucket with the wrong privacy settings: in configuring it to allow access to authenticated users, whoever set it up did not seem to realize that they were offering access to any authenticated AWS user, not just those with accounts linked to Dow Jones.
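One way to audit for the setting described above, as an added example that is not from the original article or UpGuard's post: it assumes a bucket ACL in the JSON shape returned by `aws s3api get-bucket-acl` and flags grants to S3's predefined broad groups. The sample ACL, owner name and IDs are constructed placeholders.

```python
import json

# Predefined S3 grantee groups (AWS-defined URIs).
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
BROAD_GROUPS = {
    AUTHENTICATED_USERS: "any authenticated AWS user, in any account",
    ALL_USERS: "anyone, including anonymous requests",
}

# Constructed sample ACL; bucket owner and IDs are placeholders.
SAMPLE_ACL = json.loads("""
{
  "Owner": {"DisplayName": "example-owner", "ID": "EXAMPLE-CANONICAL-ID"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-CANONICAL-ID"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"}
  ]
}
""")


def risky_grants(acl):
    """Return (permission, group URI, meaning) for each overly broad grant."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        # Only group grantees carry a URI; owner/user grants are skipped.
        if grantee.get("Type") == "Group" and uri in BROAD_GROUPS:
            findings.append((grant.get("Permission"), uri, BROAD_GROUPS[uri]))
    return findings


if __name__ == "__main__":
    for permission, uri, meaning in risky_grants(SAMPLE_ACL):
        print(f"{permission} granted to {uri}: {meaning}")
```

The log-delivery group in the sample is deliberately not flagged: it is a narrowly scoped service group, unlike the two global groups.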

UpGuard said Chris Vickery discovered the breach in late May (in other words, he was working on it before UpGuard announced that he had joined them).

His analysis of the repository, called "Skynet-dj" (since even system administrators have a sense of humor), found it to be a rich one.

There is a customer file, which is now claimed to hold more than 4 million records, that includes "customer names, Dow internal customer identifiers, home and business addresses, and account data, such as the promotional offer in which a customer has registered a subscription".

There is also a risk and compliance database filled with records on individuals, ranging from "a large financial sector staff located around the world" to less wholesome individuals. The UpGuard post includes an excerpt showing the database entry for Libyan leader Muammar Gaddafi.

Dow Jones confirmed the breach, but told outlets such as The Hill that it was not serious enough to warrant a customer notice, as passwords and credit card numbers were not revealed (just enough data to help mount a phishing or identity theft campaign). As for the "risk and compliance" files, the database contains only public information.

News Corporation, the parent company of Dow Jones, had another computer problem to defend today: Australia's pay TV operation Foxtel saw its streaming video service crash when a wave of Game of Thrones viewers turned up to order new episodes. ®
