A file containing highly sensitive details on a mix of politicians, convicted criminals, citizens with possible terrorist links, companies facing sanctions, organizations convicted of high-profile crimes, and more was compiled, aggregated and indexed into a single database and left unprotected and publicly available.
The company claims “This data is entirely derived from publicly available sources. At this time our review suggests this resulted from an authorized third party’s misconfiguration of an AWS server, and the data is no longer available.”
At 4iQ, we are seeing an increasing trend of "publicly available data" packaged and included in data portfolios of underground brokers.
A cybersecurity researcher found the Dow Jones Watchlist residing in an open Elasticsearch database containing 2.4 million records of politicians, criminals and national and international sanction lists. Independent researcher Bob Diachenko came across the 4.4GB dataset on February 22. The files were not secured and could be found using any public IoT search engine.

The information:
· Global coverage of senior politically exposed persons, their relatives, close associates, and companies they are linked to.
· National and international government sanction lists.
· Persons officially linked to, or convicted of, high-profile crime.
· Profile notes citing Federal agencies and law enforcement sources.

“...it contained the identities of government officials, politicians and people of political influence in every country of the world. The data is designed to help identify risks when researching an individual and efficient due diligence...”