A watchlist of risky individuals and companies owned by Dow Jones was uncovered after a company with access to the database left that database without a password on a server.
Bob Diachenko independent security researcher found the Elasticsearch database, hosted by Amazon Web Services, with more than 2.4 million individual or enterprise records.
Because the data is secure, it is the financial giant's watchlist database that companies use as part of their risk and compliance efforts. Other financial companies, such as Thomson Reuters, have their own databases of high-risk clients, politically exposed individuals and terrorists ̵
A 2010-dated booklet billed the Dow Jones Watchlist so customers can easily and accurately identify high-risk customers with detailed, up-to-date profiles for each individual or company in the database. At the time, the database had 650,000 entries, the brochure said.
These include current and former politicians, individuals or companies under sanctions or convicted of high-profile financial crimes such as fraud, or persons linked to terrorism. Many of those on the list include "Special Interest Persons" according to the datasets in the TechCrunch visible database.
Diachenko, who wrote down his findings, said the database was "indexed, tagged and searchable".  From a 2010 Dow Jones & # 39; watchlist booklet that had 650,000 names of people and entities at the time. The exposed database had 2.4 million records. (Screenshot: TechCrunch)
Many financial institutions and government agencies use the database to approve or deny funding, or even to close bank accounts, as the BBC previously reported. Others have reported that it takes little or weak evidence to put someone on the watch list.
All data comes from public sources such as news articles and government filings. Many of the individual records come from the Dow Jones & # 39; Factiva News Archive, which gathers data from many news sources, including The Wall Street Journal, owned by Dow Jones.
But the existence of a name or the reason why name exists in the database is proprietary and closely guarded.
The datasets we've seen vary widely, but may include names, addresses, cities and their locations, whether deceased or not, and in some cases, photos. Diachenko also found birth dates and genders. Each profile had extensive notes from Factiva and other sources.
A casually found name was Badruddin Haqqani, a commander of the Afghan-based Haqqani guerilla insurgent network linked to the Taliban. In 2012, the US Treasury imposed sanctions on Haqqani and others for their involvement in financing terrorism. He was killed in a US drone strike in Pakistan several months later.
The database entry on Haqqani categorized under "sanction list" and "terror" included (and summarized for the sake of clarity):
DOW JONES NOTES:
19659015] On August 21, 2012 in Pakistan's northern Waziristan tribal area killed.
Office of Foreign Assets (OFAC) CONTROL (OFAC) Notes:
Eye color brown; Hair color brown; Pashto the individual language of the person; Commander of the Haqqani Network
Comments to the EU:
Additional information from the narrative summary of reasons for listing provided by the Sanctions Committee:
Badruddin Haqqani is the commander of the Haqqani Network, a Taliban group of fighters operating from the North Waziristan Agency in the nationwide administered tribal areas of Pakistan. The Haqqani network was at the forefront of insurgents in Afghanistan and responsible for many high-profile attacks. The leadership of the Haqqani Network consists of the three eldest sons of founder Jalaluddin Haqqani, who joined the Taliban regime of Mullah Mohammed Omar in the mid-1990s. Badruddin is the son of Jalaluddin and brother of Nasiruddin Haqqani and Sirajuddin Haqqani and the nephew of Khalil Ahmed Haqqani.
Badruddin assists in leading Taliban-affiliated insurgents and foreign fighters in attacks on southeastern Afghanistan. Badruddin sits on the Taliban's Miram Shah-shura, which has the activities of the Haqqani network.
It is believed that Badruddin is also responsible for kidnappings of the Haqqani network. He was responsible for the kidnapping of many Afghans and foreigners in the Afghan-Pakistani border region.
Other information: Operation Commander of the Haqqani Network and member of the Taliban Shura in Miram Shah. Has led attacks against targets in southeastern Afghanistan. Son of Jalaluddin Haqqani (TI.H.40.01.). Brother of Sirajuddin Jallaloudine Haqqani (TI.H.144.07.) And Nasiruddin Haqqani (TI.H.146.10.). Nephew of Khalil Ahmed Haqqani (TI.H.150.11.). Reportedly died in late August 2012.
Entities and persons against whom there is evidence of involvement in terrorism.
Dow Jones spokesman Sophie Bent said, "This record is part of our risk product that comes exclusively from publicly available sources. At the moment, our test indicates that this is because an authorized third party misconfigured an AWS server and the data is no longer available.
We asked Dow Jones specific questions. The exposure was reported to the US regulators and European data protection authorities, but the company did not comment on the protocol.
Two years ago, Dow Jones admitted that a similar misconfiguration of cloud storage systems contained the names and contact information of 2.2 million customers. including subscribers to the Wall Street Journal. The company described the event as a "mistake".