Amazon Web Services Leak: 2.2 Million Dow Jones Customer Records Exposed
Call it a bad case of data leak deja vu: Dow Jones & Co. is the fourth organization in recent weeks to confirm a massive data leak caused by misconfigured Amazon Web Services (AWS) cloud accounts.
According to The Wall Street Journal:
“An error by Dow Jones & Co. in configuring a cloud-computing service left addresses and other information about subscribers to some of its products, including The Wall Street Journal, exposed to possible unauthorized access.
About 2.2 million subscribers’ records were affected, a Dow Jones spokesman said. Some of the records included customer names, usernames, email and physical addresses, and the last 4 digits of credit-card numbers, although some records were missing parts of that information, the spokesman said.”
The report said employee error — involving a misconfigured Amazon Web Services (AWS) cloud account — caused the problem, though the leak did not put customer financial information at risk, Dow Jones insisted.
Amazon AWS Cloud Customers: Clueless About Security Settings?
This is the latest in the growing list of data exposures involving customers who fail to properly set up their AWS accounts. The others involved:
- A Verizon customer account database
- A WWE database leak on AWS exposed 3 million customer records
- A database of 200 million Republican voters was left exposed on AWS earlier this year
In every case, Amazon was not specifically at fault. However, given the repeated user error, one has to wonder if Amazon can simplify or more effectively promote how to activate and maintain AWS security settings.