A SECURITY COMPANY CALLED UPGUARD has exposed a problem with a Dow Jones server that partially exposed the details of as many as 4 million people.
This is bad news for Dow Jones and its punters. UpGuard suggests that there was some oversight in the setting up of the weak point, which could have been avoided. If it has been avoided a lot of people might be the sole owners of their own email addresses and some of their credit card details unmolested.
"The UpGuard Cyber Risk Team can now report that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, that had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company's customers," said the firm.
"While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts," said UpGuard, adding that this is just the tip of the breach iceberg.
The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron's.
"Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations," the security firm added.
Other security companies have cottoned on to what is happening and have naturally thrown their tin foil propeller hats into the comment ring. Christiaan Beek, lead scientist and principal engineer at McAfee, seemed to sympathise by saying that firms face a lot of threats, but wound up blaming human error and software.
"Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure - and in this case, one small error in the cloud resulted in a large scale exposure," he said.
"The reality is that as companies become more focused on preventing cyber crime, they may be unconsciously shooting themselves in the foot in their efforts to be completely secure. It is not unusual for businesses to have over 10 security tools that require constant monitoring in order to ensure everything is correct - meaning that unfortunately, human error becomes a key factor in monitoring and safeguarding data."
We have asked Dow Jones to explain itself. µ
Archaic prototype shows Redmond has come a long way in hardware design
And woe betide if you're called Mohammed too
Lack of proper comms gets a frosty reception from Project Zero's Travis Ormandy
Wine 3.0 brings support for Windows apps to Google's mobe OS