A Dow Jones watchlist containing records of individuals who are of interest to financial companies due to their potential high risk as customers has been leaked online.
Prominent security researcher Bob Diachenko found a public Elasticsearch cluster containing the sensitive records of these individuals, brought together in a list compiled by Dow Jones, on February 22, 2019.
The cluster contained a database open to any member of the public who could locate it with an IoT search engine such as BinaryEdge or Shodan, which index publicly reachable, unsecured, internet-facing systems, and browse it at will.
The database in question was 4.4GB in size and contained a massive list of senior PEPs, alongside their relatives and associates.
PEPs, otherwise known as politically exposed persons, are individuals with "prominent public functions" who may pose a higher financial risk than most customers because of their potential to embezzle funds, accept bribes, or launder money.
According to the security researcher, eight of the world's largest global financial institutions use the Dow Jones watchlist. This resource can be a valuable asset in making financial decisions and is constantly updated with aggregated, public information gleaned from company and news resources.
In total, the database contained 2,418,862 records containing the "identities of government officials, politicians and people of political influence in every country of the world," Diachenko says.
PEPs, their connections, companies they are linked to, both national and government sanction lists, and individuals either connected to or convicted of crimes were on the list. In addition, the database contained profile notes from Dow Jones itself, which included citations relating to federal bodies and law enforcement.
Individuals on the list were categorized as a PEP, Special Interest Person (SIP) or Special Interest Entity (SIE).
The security researcher immediately informed Dow Jones, which took the cluster offline.
"This data is entirely derived from publicly available sources," the financial services firm said in a statement. "At this time our review suggests this resulted from an authorized third party's misconfiguration of an AWS server, and the data is no longer available."
Earlier this week, Cisco Talos warned of a recent surge in attacks currently underway which are focused on unsecured Elasticsearch clusters. At least six separate threat groups are believed to be involved and making use of old vulnerabilities to strike unpatched servers in order to drop malware payloads including cryptocurrency miners.