Content, Governance, Risk and Compliance, Breach

Amazon Web Services Leak: 2.2 Million Dow Jones Customer Records Exposed

Call it a bad case of data leak deja vu: Dow Jones & Co. is the fourth organization in recent weeks to confirm a massive data leak caused by misconfigured Amazon Web Services (AWS) cloud accounts.

According to The Wall Street Journal:

"An error by Dow Jones & Co. in configuring a cloud-computing service left addresses and other information about subscribers to some of its products, including The Wall Street Journal, exposed to possible unauthorized access.

About 2.2 million subscribers’ records were affected, a Dow Jones spokesman said. Some of the records included customer names, usernames, email and physical addresses, and the last 4 digits of credit-card numbers, although some records were missing parts of that information, the spokesman said."

The report said employee error -- involving a misconfigured Amazon Web Services (AWS) cloud account -- caused the problem, though the leak did not put customer financial information at risk, Dow Jones insisted.

Amazon AWS Cloud Customers: Clueless About Security Settings?

This is the latest in the growing list of data exposures involving customers who fail to properly set up their AWS accounts. The others involved:

In every case, Amazon was not specifically at fault. However, given the repeated user error, one has to wonder if Amazon can simplify or more effectively promote how to activate and maintain AWS security settings.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.