Confidential terror watchlist exposed online

(Image credit: Shutterstock)

A misconfigured Elasticsearch cluster exposed sensitive personal details of two million individuals, included in what cybersecurity researchers believe to be a highly confidential database.

Volodymyr Diachenko, Head of Security Research at Comparitech, was responsible for the discovery of the records, which appear to form the basis of a terror watch list. The database was left exposed online, without even password protection.

“The watchlist came from the Terrorist Screening Center, a multi-agency group administered by the FBI. The TSC maintains the country's no-fly list, which is a subset of the larger watchlist,” claims Diachenko.

Abandoned data?

Diachenko’s team routinely scans the web for misconfigured and easily accessible databases that contain personal information. When they find one, they try to determine its ownership, and then contact the entity that owns the database to implement proper protections.

In the case of this particular exposed Elasticsearch cluster, Diachenko claims it contained 1.9 million records with each record listing various personally identifiable information (PII) and other sensitive details, such as an individual’s name, date of birth, citizenship, passport number, no-fly indicator and more.

The exposed server was indexed by the Censys and ZoomEye search engines, and could have been accessed by anyone in the three weeks it was available online.

The FBI did not immediately return TechRadar Pro's request for comment.

Update: 10:00 ET / 15:00 BST
The FBI has confirmed it will not comment on the story at this time.

These are the best data loss prevention services

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.