Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack.
The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company’s platforms. The company recognized the issue and fixed it immediately.
Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.
The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.
Time stamps on data samples reviewed by the team indicate that the information was logged recently, with some pieces of data as recent as October 26. According to the researchers, the logs in the open database contain sensitive information and could lead to supply-chain attacks if accessed by threat actors.
Another piece of sensitive information includes SQL (structured query language) logs that show what information Thomson Reuters clients were looking for. The records also include what information the query brought back.
Full article here https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/
#Thomson #Reuters #leak #sensitive #data #supplychain #attack #yokdata #blog