"Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data"

The multinational media conglomerate, Thomson Reuters, left an open database containing sensitive customer and corporate data, including plaintext third-party server passwords. Attackers could use the information to launch a supply chain attack. According to the Cybernews research team, Thomson Reuters left at least three of its databases open to the public. The 3TB public-facing ElasticSearch database, one of the open instances, contains sensitive, up-to-date data from across the company's platforms. The size of the open database discovered by the team corresponds to the company's use of ElasticSearch, a data storage preferred by enterprises dealing with large, constantly updated volumes of data. The naming of ElasticSearch indices within the Thomson Reuters server suggests that the open instance was used as a logging server to collect massive amounts of data gathered via user-client interaction. Therefore, the company gathered and exposed thousands of gigabytes of data, which Cybernews researchers estimate would be worth millions of dollars on underground criminal forums due to the potential access it could provide to other systems. Time stamps on data samples reviewed by the team show that the information was logged recently. The team also discovered login and password reset logs in the open instance. While the logs do not reveal either old or new passwords, they do reveal the account holder's email address, and the exact time the password change query was sent. Another piece of sensitive information includes SQL logs that show information searches made by Thomson Reuters clients. The records also include the information returned by the query. Documents containing corporate and legal information about specific businesses or individuals are included. For example, an employee of a US-based company used Thomson Reuters services to find information about a Russian organization. This article continues to discuss Thomson Reuters leaking at least 3TB of sensitive data.

Security Affairs reports "Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data"