A Dow Jones watchlist of more than 2.4 million entities that its clients should consider ‘high-risk’ has been inadvertently leaked to the public, thanks to an incorrectly configured and unsecured Elasticsearch database.
The database, which was hosted on AWS, was discovered by Bob Diachenko, a security researcher who has previously identified similar data breaches involving Veeam and contact aggregator Adapt.io. Diachenko wrote that the list was “sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look”.
Read more…
Source: ITPro