The incident was caused due to database misconfiguration in which FOX News exposed around 58 GB worth of data without any security authentication.
The IT security researchers at Website Planet headed by Jeremiah Fowler, have revealed details of a data leak affecting Fox News. Reportedly, the 58 GB data trove was left open with no password protection, making it convenient for anyone with an internet connection to access the exposed data.
According to Website Planet, a configuration error was responsible for exposing millions of Fox News’ internal records, which included PII (personally identifiable information) of the company employees. The exposed database has since been secured.
13 Million Records Exposed
Researchers noted that a configuration error caused the massive trove of data comprising around 13 million content management records of the network to become publicly accessible.
Fowler, the co-founder of Security Discovery and a security researcher, stated that the exposed documents contain around 700 internal network emails, usernames, and Fox ID reference numbers for guests and celebrities who have appeared on the channel. Moreover, talent-related content didn’t contain private information and was already in the public domain.
Screenshot From The Exposed Data
“Upon further research nearly all records contained information indicating Fox News content, storage information, internal Fox emails, usernames, employee ID numbers, affiliate station information, and more.”
According to Website Planet’s blog post published last week, one of the folders contained 65,000 cast and production crew names and celebrities apart from the internal Fox ID reference number. Furthermore, the records captured many data points such as hostnames, event logging, host account numbers, interface, IP addresses, device data, etc.
If the data had landed in the wrong hands, Fowler said they could have carried out follow-on phishing attacks, and cybercriminals would have tried to insert malicious code. Or else they could easily identify the vulnerable areas for a future breach.
The database itself could have been used for making ransom demands. Fowler also noted that it wasn’t clear how long these records stayed exposed before getting detected and whether someone had already accessed the database or not.
He appreciated Fox News’ security team, which acted promptly and professionally after being notified about the unsecured database.
More Database Misconfiguration News
- Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data
- 38 million records exposed in Microsoft Power apps misconfiguration
- Google Firebase misconfiguration exposes data of 20k+ Android users
- Anonymous & its affiliates hacked 90% of Russian misconfigured databases
- TransCredit exposed financial data of half a million Americans and Canadians