"Misconfigured Server Leaks US Terror Watchlist"

Researchers a Comparitech have discovered that a secret watchlist of suspected terrorists maintained by the FBI was exposed online after a configuration error. The researchers found the Terrorist Screening Center (TSC) list on July 19, when the exposed Elasticsearch server was indexed by search engines Censys and ZoomEye. It contained 1.9 million records, including full name, TSC watchlist ID, citizenship, gender, date of birth, passport number, and more. The list was left online without a password or any other authentication to secure it.  The researchers stated that the terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime.  The researchers believe that this list could be used to oppress, harass, or persecute people on the list and their families in the wrong hands.  The exposed server, which was found on a Bahrain rather than a US IP address, was apparently left online without any security for three weeks after the researchers informed the Department of Homeland Security (DHS).

Infosecurity reports: "Misconfigured Server Leaks US Terror Watchlist"