According to a report from security researcher Chris Vickery, a copy of the World-Check database was exposed on the internet since a client has misconfigured some security setting on the cloud platform. This means, that if an attacker saw this security flaw, he could easily steal the whole database.
Some other reports claim that there are hackers on the dark net based Real Deal Market who are selling them, one of them, called “bestbuy” put it up for sale for the price of 10 bitcoins (around $7000) and the other, “Data Direct” for 3.5 bitcoins (nearly $2000).
World-Check, the product of Thomson Reuters, has over 300 government agencies, nine of the world’s top 10 law firms and 49 of the world’s top 50 banks as their clients. This database has profiles of millions of people, amongst them, there are tens of thousands who are linked to terrorism. World-Check creates its profiles on public information, including international terrorist watchlists.
Vickery found the database by searching online for the configuration issue that made it publicly visible. Although, the researcher said anyone could have found the database the same way he did and he questions whether the sellers are actually selling authentic information:
“The person that put up the Real Deal posting is citing different record totals than I recall seeing and has offered no proof that they actually have a copy of the database. The only statements I’ve seen from the seller, ‘bestbuy,’ appear to reflect general information that anyone could have gathered from news reports,” said Vickery in an email.
“I want to unequivocally state that I am not the person trying to sell this alleged copy of the World-Check database. And, to the best of my knowledge, it is not anyone that I have ever had contact with,” he added