The FBI did not comment on the matter, and it has not been confirmed if the server leaking the list belonged to a U.S. government agency or a third-party entity. Individuals added to the list are generally confirmed members of a terrorist organization or those suspected of belonging to or supporting such organizations. The list is considered highly sensitive and if exposed could cause irreparable damage to national security investigations. Binary Defense analysts regularly monitor criminal forums for sensitive information leaks. So far, this data has not been shared or offered for sale. Unless the organization responsible for hosting the exposed data had access logging set up properly, it may be difficult to determine how many different people, in addition to Dichenko, accessed the files during the three weeks they were available. Organizations that use cloud file hosting services should regularly audit the access control settings for their sensitive files, provide a clear point of contact for researchers to report security misconfigurations, and take prompt corrective action after a report is received.

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/