'House of Cards' literary agent exposes gigabytes of sensitive client files

A high profile publishing firm and literary agency has left gigabytes of sensitive company and client data sitting on the open internet for anyone who knew where to look.

See also

Here are 2017's biggest hacks, leaks, and data breaches — so far

Dozens of data breaches, millions of people affected.

Read now

The data was found on an internet-connected backup drive on the network of Bell Lomax Moreton, a Kent, UK-based company, by the Kromtech Security Research Center.

The drive uses "rsync", a protocol for synchronizing copies of files between two different computers. But the drive didn't have a username or a password, allowing anyone to view the sensitive data. The drive was also listed on Shodan, a search engine for open and unsecured databases and devices connected to the internet.

It isn't known how long the backup drive has been online and leaking data, but some of the files date back to 1999 and earlier.

Bell Lomax Moreton represents celebrities, former politicians, and well-known and award-winning writers, including author Michael Dobbs, whose novel "House of Cards" was later turned into a Netflix five-season series.

Among the leaking data, Kromtech found the company's core financial files, ledger books, and several archive email inboxes of senior staff and company executives dating back years. The backup drive also had client contracts, details of royalties, and payment information -- which included sensitive financial information, as well as banking numbers of the company's clients.

The backup drive also had entire copies of client books of varying editions, translations, and versions -- which could, if stolen by a malicious actor, be shared on file-sharing sites for free.

Several files also pointed to credentials for the company's website, allowing users to log in and modify portions of the website.

The backup drive has since been secured, following several attempts by Kromtech and ZDNet to reach the company.

The company said it was "grateful" to Kromtech's security researchers, but declined to comment when contacted by ZDNet.

ZDNET INVESTIGATIONS

Researchers say a breathalyzer has flaws, casting doubt on countless convictions

Lawsuits threaten infosec research — just when we need it most

NSA's Ragtime program targets Americans, leaked files show

Leaked TSA documents reveal New York airport's wave of security lapses

US government pushed tech firms to hand over source code

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

198 million Americans hit by 'largest ever' voter records leak

Britain has passed the 'most extreme surveillance law ever passed in a democracy'

Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

• Researchers say a breathalyzer has flaws, casting doubt on countless convictions
• Lawsuits threaten infosec research — just when we need it most
• NSA's Ragtime program targets Americans, leaked files show
• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance