cyber Breach

Thomson Reuters

Oct 28, 2022 1 min read
Thomson Reuters

Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.

The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.

Media giant with $6.35 billion in revenue left at least three of its databases open
At least 3TB of sensitive data exposed including Thomson Reuters plaintext passwords to third-party servers
The data company collects is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums
The company has immediately fixed the issue, and started notifying their customers
Thomson Reuters downplayed the issue, saying it affects only a “small subset of Thomson Reuters Global Trade customers”
The dataset was open for several days – malicious bots are capable of discovering instances within mere hours
Threat actors could use the leak for attacks, from social engineering attacks to ransomware</p><p>Source: <a href="https://securityaffairs.co/wordpress/137718/data-breach/thomson-reuters-database-exposed.html">https://securityaffairs.co/wordpress/137718/data-breach/thomson-reuters-database-exposed.html</a></p><figure class="kg-card kg-image-card"><img src="https://blog.rankiteo.com/content/images/2022/10/aver_THO1335281022.jpg" class="kg-image" alt loading="lazy" width="1438" height="736" srcset="https://blog.rankiteo.com/content/images/2022/10/aver_THO1335281022.jpg 600w, https://blog.rankiteo.com/content/images/2022/10/aver_THO1335281022.jpg 1000w, https://blog.rankiteo.com/content/images/2022/10/aver_THO1335281022.jpg" sizes="(min-width: 720px) 720px"></figure> 

"id": "THO1335281022",
"linkid": "thomson-reuters",
"type": "Breach",
"date": "10/2022",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.