A leak exposed about 6 million Verizon customers’ personal information. Elizabeth Keatinge (@elizkeatinge) has more.
The information of more than 2 millionÂ Dow Jones customers was left exposed online after the company made an error in the access preferences on aÂ cloud storage system, the publisher said Monday.
The names, addresses, account information and last four digits of credit card numbers of some subscribers of Dow Jones publications â includingÂ The Wall Street JournalÂ andÂ Barron’sÂ â was available to anyone who had an Amazon Web Services account.Â
Chris Vickery,Â director of cyber risk research at UpGuard, found the exposure May 30 while he was searching for exposed data on AWS servers. He said Dow Jones said it had secured the data on June 6.Â
Dow Jones said theÂ data was secured immediately after the company was notifiedÂ and it has “have no evidence any of the over-exposed information was taken.”
VickeryÂ believes the employee who set the bucket to be viewed by “Authenticated Users” did not realize that meant the information would be available to all AWS users, not just Dow Jones employees.Â
TheÂ Wall Street JournalÂ reported on the exposure Sunday.
The data exposure followsÂ Verizon’s admission last weekÂ that a vendor had left the names, addresses, and in some cases, PINs, ofÂ 6 million customers exposed on Amazon’s cloud storage platform. The Dow Jones leak had the potential to be worse because it contained partial credit card information.
Dow Jones did not notify customers because the information had not been stolen andÂ Â “the over-exposed data did not include full credit card or account login information that could pose a significant risk for consumers or require notification,” the company said in a statement to USA TODAY.
Cybersecurity experts are warning more…