Last month’s borked CouchDB breach delivers more pain to Thomson Reuters
The World-Check database that lists “heightened risk individuals and organizations” is reportedly up for sale on the dark web.
The database is a commercial product offered by Thomson Reuters, which bills it as a useful tool for those fighting money laundering, “organized crime, sanctions, Countering the Financing of Terrorism (CFT), and Politically Exposed Persons (PEPs).”
The database contains some 2.2 million records.
Customers include major banks and spookhaüses galore.
Access is only granted after a vetting process and agreement to tough non-disclosure agreements.
As The Register revealed, the World-Check database was breached last month thanks to a customer’s CouchDB leak.
That mistake left the database open to plunder hours after the breach became public.
If the database has become widely available it will be hugely damaging to both Thomson Reuters and named individuals, some of whom have been shown to be inaccurately tagged in the database as having criminal or terrorist links.
Dark market seller “Bestbuy” says they obtained the same database as security researcher Chris Vickery, who obtained the database last month and reported the leak to Thomson Reuters.
The entire database is being offered for 10 Bitcoins (US$6750, £6098, A$8945).
“Bestbuy” is a new level one seller to the marketplace with a handful of positive sales, making it more likely the database is a scam.
The Register has requested “Bestbuy” demonstrate the legitimacy of the database through verification checks, but had not received a response at the time of writing.
The seller is also offering the massive but old 117 million LinkedIn breach database dating back to 2012 for 1.2 bitcoins (US$1084, £980, A$1436).
Also up for sale is an unspecified Microsoft Office zero day that allegedly works on Windows 7 and older platforms.
The anonymous seller says that flaw comes from his “personal stock” of exploits and is on sale because a “real life client is a fucking idiot who takes too long to do anything”. ®