- Hackers claim deeper access to LexisNexis data than the company admits
- The attack reportedly exposed government and corporate user data
- LexisNexis insists that stolen information is out of date
US analytics giant LexisNexis has confirmed it suffered a data breach recently, but downplayed its significance, claiming the hackers only stole outdated and irrelevant data. The hackers, however, claim otherwise.
Recently, a threat actor calling itself FulcrumSec leaked 2GB files on various underground forums, Bleeping Computer reported, claiming it used React2Shell, an open source post-exploitation framework, against an unpatched React frontend app.
The group allegedly broke into a React container with access to hundreds of Redshift tables, VPC database tables, dozens of AWS Secrets Manager secrets (in clear text) and employee password hashes, millions of database records, thousands of customer accounts, and more. From there, they were able to extract information related to more than 100 users with .gov email addresses, such as federal judges, US DoJ attorneys, SEC employees and others. They also gained access to around 400,000 cloud user profiles with real names, email addresses, phone numbers and job functions.
Older, outdated data
While LexisNexis confirmed the breach, it downplayed its significance, saying the stolen data is not up to date at all.
“These servers contained mostly outdated, out-of-date data from before 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses and support tickets,” a company spokesperson said.
“The affected information did not include social security numbers, driver’s license numbers, or other sensitive personally identifiable information; credit card, bank account, or other financial information; active passwords; or customer search queries, customer or case information, or customer contracts.”
FulcrumSec said it tried to reach out to LexisNexis (likely demanding a ransom in exchange for deleting the data), but the company “decided not to work with us,” the crooks said.
LexisNexis now believes the attack is contained.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
