According to a report from security researcher Chris Vickery, a copy of the World-Check database was exposed on the internet since a client has misconfigured some security setting on the cloud platform. This means, that if an attacker saw this security flaw, he could easily steal the whole database.
Some other reports claim that there are hackers on the dark net based Real Deal Market who are selling them, one of them, called “bestbuy” put it up for sale for the price of 10 bitcoins (around $7000) and the other, “Data Direct” for 3.5 bitcoins (nearly $2000).
World-Check, the product of Thomson Reuters, has over 300 government agencies, nine of the world’s top 10 law firms and 49 of the world’s top 50 banks as their clients. This database has profiles of millions of people, amongst them, there are tens of thousands who are linked to terrorism. World-Check creates its profiles on public information, including international terrorist watchlists.
Vickery found the database by searching online for the configuration issue that made it publicly visible. Although, the researcher said anyone could have found the database the same way he did and he questions whether the sellers are actually selling authentic information: