Dow Jones & Company Leaks Personal Data of Millions of Customers
Posted by: Timothy Weaver on 07/19/2017 01:11 PM
If you are a customer of the financial giant Dow Jones & Company, your sensitive personal and financial details may have been compromised.
The UpGuard Cyber Risk Team has discovered that a cloud-based file repository was configured to allow access by 2.2 million customers.
The repository contained names, addresses, account information, email addresses and last four digits of credit card numbers of millions of subscribers.
The mistake was made on May 30th and the database was secured on June 6th, but the company did not publish an article about the leak until July 16th.
UpGuard researcher Dan O’Sullivan said about the leak: “The data exposed in this cloud leak could be exploited by malicious actors employing a number of attack vectors already known to have been successful in the past. The aversion of Dow Jones and Company to notifying affected customers of this data exposure denies consumers the ability to swiftly act to protect their own personal information.”
“With a list of 4 million subscribers to Dow Jones publications, it is not hard to see how malicious actors could deploy phishing messages against exposed customers. Sending official-looking emails purporting to be from The Wall Street Journal notifying customers their subscription had lapsed, or that their accounts had been compromised, malicious actors could have succeeded in convincing such high-value targets to supply credit card information, login credentials or more.”
Brian Vecci, at Varonis, spoke of the dangers hackers pose to misconfigured Amazon AWS accounts: “The odds are high that they will find a cache of sensitive information because organizations have a staggering amount of dark data, meaning they don’t know who has access, who should have access and when malware or human users are behaving dangerously,” he said. “In a recent study by the Ponemon Institute, 62 percent of end users say they have access to company data they probably shouldn’t see. Also, 38% of organizations surveyed said they don’t monitor file or email activity whatsoever. Too many people have access to too much critical data, and too many companies are blind to what’s going on.”
Source: Info Security
