TechRadar
Sead Fadilpašić

LexisNexis confirms data breach, says hackers hit customer and business info

  • Hackers claim deeper access to LexisNexis data than company admits
  • Attack allegedly exposed government and corporate user data
  • LexisNexis insists stolen information is outdated

American analytics giant LexisNexis has confirmed that it recently suffered a data breach, but played down its importance by claiming the hackers only stole outdated and irrelevant data. The hackers claim otherwise.

BleepingComputer reported that a threat actor calling itself FulcrumSec recently leaked 2GB of files on various underground forums, claiming it had used React2Shell, an open-source post-exploitation framework, against an unpatched React frontend app.

The group allegedly broke into a React container with access to hundreds of Redshift tables, VPC database tables, dozens of AWS Secrets Manager secrets (in plaintext) and employee password hashes, millions of database records, thousands of customer accounts, and more. From there, they were able to extract information related to more than 100 users with .gov email addresses, such as federal judges, US DoJ attorneys, SEC staff, and others. They also accessed roughly 400,000 cloud user profiles with real names, email addresses, phone numbers, and job functions.

Legacy, deprecated data

While LexisNexis did confirm the incursion, it played down its importance, saying the stolen data isn’t up to date at all.

“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets,” a company spokesperson said.

“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”

FulcrumSec said it tried reaching out to LexisNexis (most likely demanding a ransom payment in exchange for deleting the data), but the company “decided not to work with us.”

LexisNexis now believes the attack is contained.

