In a recent database leak, Thomson Reuters exposed three terabytes of sensitive data – including corporate and customer data. It appears that the company’s lack of basic security measures in the implementation of its hosting solutions allowed attackers to get hold of the data. This data included plaintext passwords to third-party servers and user-client interactions. Fortunately, the company took swift action to fix the problem.
The company has begun notifying affected customers and has launched an investigation. The company believes that the exposure of the data could cause damage to the company, its clients, and the public. In addition, the information could tip off entities involved in shady dealings. Ultimately, the data may have been exposed to criminals and social-engineering attacks, which are the main reasons why such a database leak is such a serious concern.
The data was stored in an open instance, and researchers have discovered that this open instance may have exposed sensitive data. The database contains over 6.9 million unique logs and is over three terabytes in size. Researchers cannot access the full dataset without violating ethical boundaries. The researchers who found the leak immediately contacted Thomson Reuters, and the company removed the open instance.
The company claims that the database leak resulted from an error in the configuration of the company’s database. It is still unclear whether this misconfiguration had led to access of customer data. Reuters has subsequently begun notifying customers whose data is potentially at risk.