Database leaks 250K legal documents, some marked 'not designated for publication'

Database taken down two weeks later. Owner never identified.

Locked files

A database containing 257,287 legal documents, with some marked as "not designated for publication," was left exposed on the public internet without a password, allowing anyone to access and download a treasure trove of sensitive legal materials.

The database, which was left online for roughly two weeks, contained unpublished legal documents relating to US court cases, the security researcher who found it told ZDNet.

"Cases are from 2002-2010 era, from all over the [US] States," Bob Diachenko, Cyber Threat Intelligence Director for Security Discovery told ZDNet today in an interview.

The leaked files are documents usually exchanged between lawyers and the court before filing official versions. The database contained both public and non-public versions alike, showing a full history of how some cases evolved.

"Most docs are public, but about 30%-40% of it is 'unpublished opinion' or 'not designated for publication'," Diachenko told us.

Not for publication docs

Image: Bob Diachenko (supplied sample)

The source of these files remains unsure, even to this day. Diachenko said he identified two possible leaks for this data.

The first is intellectual property litigation research company Lex Machina, a division of legal software giant LexisNexis, while the second was LexSphere, a subdivision of LexVisio that provides legal outsourcing services to law firms and legal departments.

In an incident report published today, Diachenko said he only notified Lex Machina of the leaky server because that's who he initially thought the server belonged to, before finding the possible LexVision connection.

The database was eventually secured weeks later, but the researcher said he never received a reply and it remains unclear to whom the database belongs to even to this day.

It can be very well possible that the database's owner simply realized --on their own-- that the server was publicly available and secured it behind a firewall, the place were most of these internal databases are usually kept.

The database at the center of this leak was an ElasticSearch server, a technology for powering advanced search systems that has been at the heart of many similar leaks in the past.

More data breach coverage: