Categories: Security

Dow Jones AWS S3 Server Error Leaks Personal Data Of 2.2 Million Customers

Financial publishing giant Dow Jones has confirmed that it leaked the personal information of 2.2 million customers after wrongly configuring an Amazon Web Services (AWS) S3 cloud storage server.

Security firm UpGuard first discovered the leak in early June and says that the server had been set up to allow “semi-public access”, resulting in the exposure of sensitive personal and financial information.

The leaked data includes the names, addresses, account information, email addresses and last four digits of credit card numbers of millions of Dow Jones subscribers.

Leaky server

Dow Jones is the parent company of several leading financial publications – including The Wall Street Journal and Marketwatch – and boasts millions of subscribers across its portfolio.

Although the company has admitted that 2.2 million customers were affected, UpGuard “conservatively estimates” that the true scale of the breach could be closer to 4 million.

“The exposed data repository, an Amazon Web Services S3 bucket, had been configured via permission settings to allow any AWS “Authenticated Users” to download the data via the repository’s URL,” writes Dan O’Sullivan on the UpGuard blog.

“Per Amazon’s own definition, an “authenticated user” is “any user that has an Amazon AWS account,” a base that already numbers over a million users; registration for such an account is free. The revelation of this cloud leak speaks to the sustained danger of process error as a cause of data insecurity.”

Also stored in the repository, which was secured on June 6th, were the details of 1.6 million entries in a risk and compliance suite of databases, which are used by financial institutions for compliance with anti-money laundering regulations.

This is not the first time an AWS S3 database has been the source of a data leak, which highlights how businesses need to take extra care when setting up their cloud storage tools.

Earlier this month, World Wrestling Entertainment (WWE) leaked the personal data of over three million fans after failing to properly secure an S3 server, after a similar error in the US resulted in the country’s largest error breach of voter data.

Quiz: Cyber security in 2017!

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

37 mins ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

1 hour ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

3 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

6 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

6 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

7 hours ago