Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools.
The size of the open database the team discovered is consistent with the company using ElasticSearch, a data store favored by enterprises dealing with extensive, constantly updated volumes of data.
Media giant with $6.35 billion in revenue left at least three of its databases open
At least 3TB of sensitive data exposed including Thomson Reuters plaintext passwords to third-party servers
The data the company collects is a treasure trove for threat actors, likely worth millions of dollars on underground criminal forums
The company has immediately fixed the issue and started notifying its customers
Thomson Reuters downplayed the issue, saying it affects only a “small subset of Thomson Reuters Global Trade customers”
The dataset was open for several days – malicious bots are capable of discovering instances within mere hours
Threat actors could use the leak for attacks, from social engineering attacks to ransomware

Source: https://securityaffairs.co/wordpress/137718/data-breach/thomson-reuters-database-exposed.html

TPRM report: https://scoringcyber.rankiteo.com/company/thomson-reuters
"id": "tho1335281022",
"linkid": "thomson-reuters",
"type": "Breach",
"date": "10/2022",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'small subset of Thomson Reuters '
'Global Trade customers',
'industry': 'Media and Information Services',
'name': 'Thomson Reuters',
'size': '$6.35 billion in revenue',
'type': 'Corporation'}],
'attack_vector': 'Unsecured Database',
'customer_advisories': 'Started notifying their customers',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive data',
'Plaintext passwords']},
'description': 'Thomson Reuters left at least three of its databases open, '
'exposing at least 3TB of sensitive data including plaintext '
'passwords to third-party servers.',
'impact': {'data_compromised': ['Sensitive data', 'Plaintext passwords'],
'systems_affected': ['ElasticSearch databases']},
'initial_access_broker': {'reconnaissance_period': 'several days'},
'post_incident_analysis': {'corrective_actions': 'The company has immediately '
'fixed the issue',
'root_causes': 'Unsecured ElasticSearch Database'},
'response': {'communication_strategy': ['Downplayed the issue'],
'containment_measures': ['The company has immediately fixed the '
'issue'],
'remediation_measures': ['Started notifying their customers']},
'title': 'Thomson Reuters Data Exposure',
'type': 'Data Exposure',
'vulnerability_exploited': 'Unsecured ElasticSearch Database'}