LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability
A major data breach at LexisNexis, a provider of legal and data analytics services to governments and corporations in over 150 countries, has exposed nearly 4 million records, including customer accounts, password hashes, and cloud infrastructure details. The attack, carried out by the hacker group FulcrumSec, exploited an unpatched React2Shell vulnerability in the company’s systems, despite a patch being available since 2025.
Hackers gained access to AWS containers containing sensitive data, leveraging insecure cloud configurations to exfiltrate over 2GB of stolen information, later dumped on dark web platforms. Exposed data included:
- 3.9 million database records
- 21,042 customer accounts
- 5,582 attorney survey responses
- 45 employee password hashes
- 53 AWS Secrets Manager secrets in plaintext
- Complete VPC infrastructure mapping
LexisNexis confirmed the breach but downplayed its impact, stating that the compromised servers contained mostly legacy data from before 2020, such as customer names, business contact details, and support tickets. The company said that no Social Security numbers, financial data, or active passwords were exposed. Affected customers have been notified, law enforcement has been engaged, and a third-party cybersecurity firm has been brought in to investigate and mitigate the incident.
The breach underscores a persistent cybersecurity weakness: failure to apply critical patches. Despite the vulnerability being public for months, LexisNexis continued running an outdated React application, allowing attackers to exploit a known flaw. The incident highlights how even security-conscious organizations can fall victim to basic oversights, with potential ripple effects across government and legal sectors.
Source: https://www.techrepublic.com/article/news-lexisnexis-breach-3-9m-records-react-vulnerability/
LexisNexis cybersecurity rating report: https://www.rankiteo.com/company/lexisnexis
"id": "LEX1772815548",
"linkid": "lexisnexis",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': '21,042 customer accounts',
            'industry': 'Legal and Data Analytics',
            'location': 'Global (150+ countries)',
            'name': 'LexisNexis',
            'type': 'Corporation'
        }
    ],
    'attack_vector': 'Unpatched Vulnerability (React2Shell)',
    'customer_advisories': 'Affected customers notified',
    'data_breach': {
        'data_exfiltration': '2GB of stolen information dumped on dark web platforms',
        'number_of_records_exposed': '3.9 million',
        'personally_identifiable_information': 'Customer names, business contact details',
        'sensitivity_of_data': 'Legacy data (pre-2020), including customer names, business contact details, and support tickets. No Social Security numbers, financial data, or active passwords exposed.',
        'type_of_data_compromised': [
            'Customer accounts',
            'Password hashes',
            'Cloud infrastructure details',
            'Attorney survey responses',
            'AWS Secrets Manager secrets'
        ]
    },
    'description': 'A major data breach at LexisNexis, a provider of legal and data analytics services to governments and corporations in over 150 countries, has exposed nearly 4 million records, including customer accounts, password hashes, and cloud infrastructure details. The attack exploited an unpatched React2Shell vulnerability in the company’s systems, leading to the exfiltration of over 2GB of stolen information, later dumped on dark web platforms.',
    'impact': {
        'brand_reputation_impact': 'Potential ripple effects across government and legal sectors',
        'data_compromised': '3.9 million database records, 21,042 customer accounts, 5,582 attorney survey responses, 45 employee password hashes, 53 AWS Secrets Manager secrets, VPC infrastructure mapping',
        'systems_affected': 'AWS containers, legacy servers'
    },
    'initial_access_broker': {
        'data_sold_on_dark_web': 'Yes',
        'entry_point': 'Unpatched React2Shell vulnerability',
        'high_value_targets': 'AWS containers, legacy servers'
    },
    'investigation_status': 'Ongoing',
    'lessons_learned': 'Failure to apply critical patches and persistent cybersecurity weaknesses due to outdated software.',
    'post_incident_analysis': {
        'root_causes': 'Unpatched React2Shell vulnerability, insecure cloud configurations'
    },
    'ransomware': {'data_exfiltration': 'Yes'},
    'recommendations': 'Apply critical patches promptly, enhance cloud security configurations, and conduct regular vulnerability assessments.',
    'response': {
        'communication_strategy': 'Affected customers notified',
        'law_enforcement_notified': 'Yes',
        'third_party_assistance': 'Third-party cybersecurity firm engaged'
    },
    'threat_actor': 'FulcrumSec',
    'title': 'LexisNexis Breach Exposes Millions of Records Due to Unpatched React Vulnerability',
    'type': 'Data Breach',
    'vulnerability_exploited': 'React2Shell'
}