The ElasticSearch server, Thomson Reuters said, was a non-production device that "only houses application logs from the non-production environment associated with a small subset of Thomson Reuters's Global Trade customers," who it said it had already notified.
Two of the servers, Thomson Reuters said, were designed to be publicly accessible and so weren't a risk, while the third ElasticSearch one wasn't supposed to be exposed, but isn't a serious problem. Thomson Reuters said it appreciated the work of ethical security researchers and added that it immediately addressed the issue when notified. "There is a high chance the open instance included much more sensitive data since the database holds more than 6.9 million unique logs that take up over 3TB of server disk," the researchers hypothesized. The researchers said the ElasticSearch database included plain text data like password reset logs (though no actual passwords were exposed), SQL logs showing what Thomson Reuters clients were searching for, and documents returned through those searches. Security researchers investigating the website of media company Thomson Reuters have found three exposed databases containing data they said could be worth millions of dollars on dark web forums for use in supply chain attacks.Īccording to the research team at Cybernews, the three databases were easy to find and crawl, but one server was juicier than others: it contained 3TB of "sensitive, up-to-date information from across the company's platforms." Thomson Reuters database exposes 3TB of customer data to the web This apparently happened over the summer while she was still foreign secretary.
It was reported over the weekend that now-former UK Prime Minister Liz Truss's phone was compromised by suspected Russian agents to obtain top secret information.
0 kommentar(er)
