Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data (cybernews.com) 13

Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. Cybernews: The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company's platforms. The company recognized the issue and fixed it immediately. Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools. The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.
This discussion has been archived. No new comments can be posted.

Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data

Comments Filter:
  • Stupidity is the bottom denominator, when juicy stuff has to get loose.

    • by Tablizer ( 95088 )

      > Stupidity is the bottom denominator

      It's not "stupid" from the top's perspective, The decision makers rarely are punished enough by such breaches to take their focus off profits-first. They will often move on to a new company when bleep happens.

      The orders to skimp are usually verbal such that there's no written trail to bust them on. They just point fingers at other executives such that juries can't make heads or tails of what actually happened and so have to either acquit or assign nominal punishment.

  • by splutty ( 43475 ) on Thursday October 27, 2022 @10:29AM (#63002835)

    Having worked with TR products, I am very much not surprised they missed basic things.

    Even their very popular stuff is.. Wonky at best, almost unusable at worst.

    • by cob666 ( 656740 )
      I worked at Thomson Financial Services back in the early 90s on a product called 'First Call' which was pretty popular at the time and still exists as some other product. They ran a tight ship back then with a lot of focus on customer service and support. Security was a big concern back then as well but that was really pre-web so data accessibility was limited.
      • by Njovich ( 553857 )

        That's closer to the Vietnam war than it is to the present day, gramps.

      • by splutty ( 43475 )

        The one from the last decade certainly isn't that.

        Simple example, they'd just roll out an update without notifying anyone, which changes their proprietary format, and thus breaks all downstream processing.

        Three times. In a year.

    • by tlhIngan ( 30335 )

      Having worked with TR products, I am very much not surprised they missed basic things.

      Even their very popular stuff is.. Wonky at best, almost unusable at worst.

      Except they do make the popular UFile tax software for Canadians which for personal taxes is extremely popular due to its low cost ($20) unlike say, QuickTax which comes in a half dozen versions depending on what tax forms you need to file, starting with a basic version for $20. (Officially it's like $23, but is discounted to $20 so often during tax

  • So where is the torrent hosting said data? lol!!!

May all your PUSHes be POPped.

Working...