The Dow Jones watchlist was found by a researcher to be residing in an open Elasticsearch database. The entire amount of data contained 2.4 million records for criminals, national and international sanction lists and politicians. The data is designed to help people and companies to identify risks when looking into a particular person. All of the information included in this dataset was from all open source resources, meaning all the information was public to begin with. With this dataset though, it becomes more dangerous because it is all located in one place, making it easier for criminals to get their hands on the information rather than searching for it. The exposed information is believed to be from a misconfigured AWS Database. The sensitivity of this information according to Dow Jones is very high, and some have called it very “careless and irresponsible” that it was left open.
Analyst Notes
This dataset being publicly available is proof that security should be taken more seriously. Although the data has been taken down, it could have been accessed by anyone before it was. Information of this sensitivity should always be handled with great care and checked often that it is being safely stored. Otherwise, it will be found and the company will be responsible.
