Thomson Reuters is the latest company to be hit with a data leak, one that exposed more than 3TB of data, including passwords.
According to the Cybernews research team, Thomson Reuters left three databases exposed to the public. One of them held 3TB of ElasticSearch data, including passwords stored in plaintext.
Cybernews researchers fear the data could ultimately be used in a supply-chain attack:
The naming of ElasticSearch indices inside the Thomson Reuters server suggests that the open instance was used as a logging server to collect vast amounts of data gathered through user-client interaction. In other words, the company collected and exposed thousands of gigabytes of data that Cybernews researchers believe would be worth millions of dollars on underground criminal forums because of the potential access it could give to other systems.
The threat is even more severe since the data is current, with some of it logged as recently as October 26.
“ElasticSearch is a very common and widely used data storage and is prone to misconfigurations, which makes it accessible to anyone. This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. This provides a large attack surface for malicious actors to exploit not only internal systems but a way for supply chain attacks to get through. A simple human error can lead to devastating attacks, from data exfiltration to ransomware,” said Mantas Sasnauskas, the Head of Security Research at Cybernews.
Thomson Reuters addressed the issue immediately, but only time will tell what the long-term ramifications will be.