Dow Jones Data Leak – 2.2 Million Customers Exposed

Due to a cloud storage error, the data of over 2.2 million Dow Jones customers have been leaked.

Cause:
An Amazon Web Services S3 bucket, had been misconfigured via the permission settings to allow any AWS “Authenticated User” to access and download the data via the public URL. Amazon’s definition of this is, an “authenticated user” is “any user that has an Amazon AWS account,” a userbase that numbers over a million accounts as registration is free. This is In the fifth case of data breach due to cloud misconfiguration in the last two months. In June, a human error  by contractor Booz Allen Hamilton (BAH) resulted in more than 60,000 US Department of Defense files being left publicly exposed in an Amazon S3 repository.

Effect:
The leaked data includes names, home/business addresses, account information, email addresses and last four digits of credit card numbers of around 2.2 million subscribers to The Wall Street Journal and Barron’s. Additionally, the details of 1.6 million entries were also exposed in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations. The misconfiguration was discovered on May 30, and the database configuration was corrected on June 6— It’s been reported that Dow Jones has made little effort to notify affected users other than an article in the Journal covering the leak on July 16, more than a month after the fix.