LexisNexis Data Breach Confirmed After Hackers Leak Files

Summary
– LexisNexis Legal & Professional confirmed a data breach where hackers accessed servers containing customer and business information.
– The breach was executed by exploiting the React2Shell vulnerability in an unpatched React app to gain access to the company’s AWS infrastructure.
– The company states the stolen data was mostly pre-2020 legacy information, excluding sensitive financial data, passwords, or active customer contracts.
– The threat actor, FulcrumSec, leaked 2GB of files and claims to have accessed data on over 21,000 customer accounts and hundreds of U.S. government personnel.
– LexisNexis has contained the intrusion, notified law enforcement and customers, and is investigating with an external cybersecurity expert.
A major data analytics firm has confirmed a security breach after hackers leaked files online. LexisNexis Legal & Professional, a global provider of legal and business research tools, acknowledged the incident to BleepingComputer. The confirmation followed a threat actor known as FulcrumSec releasing approximately 2GB of stolen data on underground forums. The company serves lawyers, corporations, and governments in over 150 countries, making the breach a significant event.
The intrusion reportedly began on February 24th. FulcrumSec claims to have exploited a known vulnerability called React2Shell within an unpatched React frontend application. This flaw provided a gateway into the company’s Amazon Web Services (AWS) infrastructure. LexisNexis stated its investigation confirmed unauthorized access to a limited number of servers. The company emphasized that the compromised data was largely outdated, consisting of legacy information from before 2020.
According to a company spokesperson, the impacted servers held customer names, user IDs, business contact details, product usage information, customer surveys with respondent IP addresses, and support tickets. LexisNexis was quick to note what was not exposed: Social Security numbers, driver’s license details, financial information like credit card or bank accounts, active passwords, customer search queries, or client contract data. The firm believes the intrusion has been contained and found no evidence that its active products or services were affected.
However, the hacker’s claims paint a more detailed and concerning picture. FulcrumSec alleges they exfiltrated over 2GB of structured data, gaining access to a vast array of internal systems. This reportedly included 536 Redshift tables, over 430 VPC database tables, and 53 AWS Secrets Manager secrets stored in plaintext. The actor claims the haul encompassed 3.9 million database records, information on 21,042 customer accounts, and data from 5,582 attorney survey respondents. They also claimed to have accessed roughly 400,000 cloud user profiles containing real names, emails, phone numbers, and job functions.
A particularly sensitive claim involves government personnel. FulcrumSec asserts that among the accessed data were profiles for more than 100 users with .gov email addresses. These allegedly included U.S. government employees, federal judges, law clerks, Department of Justice attorneys, and staff from the Securities and Exchange Commission. The hackers criticized the company’s security posture, highlighting that a single ECS task role had excessive read access to every secret in the account, including production database credentials.
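The point the attackers made about a single ECS task role that could read every secret in the account is a least-privilege failure that can be measured from the policy document alone, before any incident. The following is an added example, not code from LexisNexis, BleepingComputer or AWS: a small Python audit that evaluates a simplified IAM identity policy against a constructed inventory of Secrets Manager ARNs and reports how many secrets the role can actually read. The account id, secret names and both policy documents are placeholders, and the evaluator deliberately ignores conditions, resource policies, SCPs and permission boundaries.

```python
"""Audit an IAM identity policy for over-broad Secrets Manager read access.

Added example, not LexisNexis's or AWS's code. The account id, secret ARNs
and both policies below are constructed placeholders, not values from the
incident described in the article.
"""
import fnmatch
import json
from typing import Iterable

# Actions that return secret material; reading these is what the audit cares about.
SECRET_READ_ACTIONS = {"secretsmanager:GetSecretValue", "secretsmanager:BatchGetSecretValue"}

# Constructed inventory of the secrets in a hypothetical account.
ACCOUNT_SECRETS = [
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db/master-AbCdEf",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/redshift/admin-GhIjKl",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/web/session-key-MnOpQr",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/web/smtp-StUvWx",
]

# Weak (constructed): one ECS task role that may read every secret in the account.
WEAK_TASK_ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "*"}
    ],
})

# Hardened (constructed): the same role limited to the two secrets its workload uses.
SCOPED_TASK_ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": [
                "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/web/session-key-*",
                "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/web/smtp-*",
            ],
        }
    ],
})


def _as_list(value):
    # IAM allows scalar or list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def _action_matches(action_pattern: str, action: str) -> bool:
    # IAM action matching is case-insensitive and supports '*' wildcards.
    return fnmatch.fnmatchcase(action.lower(), action_pattern.lower())


def readable_secrets(policy_json: str, secrets: Iterable[str]) -> set:
    """Return the subset of `secrets` the policy lets the principal read.

    Simplified evaluation (assumption): an explicit Deny wins, otherwise any
    matching Allow grants access. Conditions, resource policies, SCPs and
    permission boundaries are not modelled.
    """
    policy = json.loads(policy_json)
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if not any(_action_matches(p, a) for p in actions for a in SECRET_READ_ACTIONS):
            continue
        target = denied if stmt.get("Effect") == "Deny" else allowed
        for arn in secrets:
            if any(fnmatch.fnmatchcase(arn, r) for r in resources):
                target.add(arn)
    return allowed - denied


def audit_blast_radius(policy_json: str, secrets: Iterable[str]) -> dict:
    """Summarise the role's read 'blast radius' and flag wildcard resources."""
    secrets = list(secrets)
    policy = json.loads(policy_json)
    wildcard = any(
        s.get("Effect") == "Allow"
        and "*" in _as_list(s.get("Resource", []))
        and any(_action_matches(p, a)
                for p in _as_list(s.get("Action", [])) for a in SECRET_READ_ACTIONS)
        for s in _as_list(policy.get("Statement", []))
    )
    readable = readable_secrets(policy_json, secrets)
    return {
        "readable": len(readable),
        "total": len(secrets),
        "wildcard_resource": wildcard,
        "prod_db_exposed": any("prod/db" in arn for arn in readable),
    }


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_TASK_ROLE_POLICY), ("scoped", SCOPED_TASK_ROLE_POLICY)):
        print(name, audit_blast_radius(doc, ACCOUNT_SECRETS))
```

In a real account the secret inventory would come from `secretsmanager:ListSecrets` and the policy from the role's attached and inline documents; a nonzero `wildcard_resource` finding on a workload role is actionable on its own, while a clean result from this simplified evaluator is not proof of least privilege because it ignores the other policy types that participate in an IAM decision.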
LexisNexis has informed law enforcement and engaged an external cybersecurity firm to assist with the investigation and remediation efforts. The company has taken responsibility and begun notifying both current and former customers about the breach. This incident follows another security disclosure from the company last year, when a compromised corporate account exposed sensitive information belonging to 364,000 customers.
(Source: Bleeping Computer)