According to security researcher and white hat hacker, Chris Vickery, a copy of the World-Check database was leaked online. According to reports, the leaked information is now being sold on the dark net by hackers for a substantial amount of bitcoin.
World-Check Database For Sale
The World-Check file cache contains millions of people’s profiles, and of those tens of thousands of them are linked to terrorism. The database creates its profiles on publicly available information, including international terrorist watchlists
World-Check, a product of Thomson Reuters of Reuters news agency, whose clients include 300 government agencies, nine of the world’s top 10 law firms and 49 of the world’s top 50 banks.
The leak seemed to have occurred because a World Check client had misconfigured security settings on a cloud database. This left the entire database at risk to an attack by an experienced hacker who knew where to look, as the security had been weakened significantly.
Some other reports claim that hackers have obtained the records and are now selling them through the dark net based site, Real Deal Market. One of the hackers that goes by the name “bestbuy” listed the database at 10 BTC, while the other, “Data Direct,” is supposedly selling the database for 3.5 BTC.
Vickery found the files by scouring the internet for the configuration problem that made it publicly visible. Though, theoretically, anyone could have found the database the same way he did, Vickery questions whether the sellers are actually selling the authentic file.
Vickery thinks the information that the hackers have provides no proof that they have the real-deal and says that the information they do have is easily accessible to the public.
Justifying his belief that the hackers are selling phonies, Vickery explains:
The person that put up the Real Deal posting is citing different record totals than I recall seeing and has offered no proof that they actually have a copy of the database. The only statements I’ve seen from the seller, ‘bestbuy,’ appear to reflect general information that anyone could have gathered from news reports.
Vickery wanted to make it clear that he was not in any way connected to the people selling the information. “I want to unequivocally state that I am not the person trying to sell this alleged copy of the World-Check database,” he stated. “And, to the best of my knowledge, it is not anyone that I have ever had contact with.”
Centralized Databases Exposed
The man who uncovered the leak, Chris Vickery, is a white hat hacker who has exposed multiple cases of database breaches in the past. One such case resulted in 154 million voter records being exposed. The leak itself was caused by negligence on the part of the holder.
Surprisingly, this case was not even the largest database discovered by Vickery. Previously, he had actually found a different database that contained the records of 191 million voters.
These breaches could certainly be a condemnation of centrally-owned databases that shows a need for blockchain applications. For now, people are highly dependent on centralized databases for the purposes of identity verification, which will continue to put people at risk until something is done to limit the amount of personal information people have to share.
What do you think about this database leak? Let us know in the comments below!
Images Courtesy of muslimnews.co.uk, null-byte.wonderhowto.com, statesman.com