A Dow Jones list of millions of people at risk for bribery and corruption, as well as high-profile criminals and terrorists, sat out in the open on an unsecured online database, a researcher has found, The CNet reports.
The Watchlist is a proprietary database that financial institutes use to flag potential customers who may be too risky to bank with. Ukranian researcher Bob Diachenko said in a blog post that the list includes more than 2.4 million records and lists the relatives, businesses and close associates affiliated with high-risk individuals, as well as citations from federal agencies and other law enforcement groups.
The exposed list, earlier reported in TechCrunch, is the latest example of a much larger problem. Databases full of sensitive information are often left unsecured on the internet, and they're easy to find. Anyone can be in one of these lists, like the Hello Kitty fans, including children, whose data was exposed in an unsecured database in 2015.
"We live in the age of big data where we are probably going to be on a list someday," Diachenko said in his blog post, "but let's hope that list is not leaked online or publicly available."
Dow Jones said in a statement that the database is now secured.
"This dataset is part of our risk and compliance feed product, which is entirely derived from publicly available sources," the company said in its statement. "At this time our review suggests this resulted from an authorized third party's misconfiguration of an AWS server, and the data is no longer available.”