LexisNexis confirms data breach as hackers leak stolen files

American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

The company’s data breach confirmation comes as a threat actor named FulcrumSec leaked 2GB of files on various underground forums and sites.

LexisNexis L&P is a global provider of legal, regulatory, and business information, research tools, and analytics used by lawyers, corporations, governments, and academic institutions in more than 150 countries worldwide.

Cloud breach via unpatched React app

The threat actor says that on February 24 they gained access to the company’s AWS infrastructure by exploiting the React2Shell vulnerability in an unpatched React frontend app.

LexisNexis L&P admitted that hackers breached its network, noting that the stolen information was old and consisted mostly of non-critical details.

“Our investigation has confirmed that an unauthorized party accessed a limited number of servers,” the company told BleepingComputer.

“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets,” a spokesperson said.

“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”

Based on its investigation, LexisNexis believes that the intrusion has been contained and found no evidence that services or products were impacted by the intrusion.

In a public post detailing the hack, FulcrumSec claims that they stole information related to more than 100 users with .gov email addresses, which included U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

The threat actor detailed the intrusion, saying that they “exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure” via a vulnerable React container with access to:

  • 536 Redshift tables
  • 430+ VPC database tables
  • 53 AWS Secrets Manager secrets in plaintext
  • 3.9M database records
  • 21,042 customer accounts
  • 5,582 attorney survey respondents
  • 45 employee password hashes
  • Full VPC infrastructure mapping

FulcrumSec said that they also had access to around 400,000 cloud user profiles that included real names, emails, phone numbers, and job functions. According to the hackers, 118 users had .gov addresses belonging to U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

[Image: FulcrumSec’s post for LexisNexis data leak. Source: BleepingComputer]

FulcrumSec said that they contacted LexisNexis, but the company “decided not to work with us on this.” They also criticized the company’s security practices that permitted a single ECS task role “read access to every secret in the account, including the production Redshift master credential.”
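
The kind of grant criticized above, one task role able to read every secret in an account, can be caught by auditing the role's policy documents. The following is an added example, not code from LexisNexis, FulcrumSec or BleepingComputer: it flags Allow statements that grant secretsmanager:GetSecretValue on a wildcard resource. The function names, the two sample policies, the account ID and the secret name are constructed for illustration.

```python
import fnmatch

READ_SECRET = "secretsmanager:getsecretvalue"  # IAM action names are case-insensitive

def _as_list(value):
    """IAM accepts a single string/object or a list for these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_wide(resource):
    """True when the pattern is not pinned to a named secret or name prefix."""
    if resource == "*":
        return True
    # arn:aws:secretsmanager:<region>:<account>:secret:<name>
    parts = resource.split(":", 6)
    return len(parts) == 7 and parts[2] == "secretsmanager" and parts[6].strip("*") == ""

def broad_secret_reads(policy):
    """Return the Sid (or index) of each Allow statement that lets the
    principal read any secret. NotAction, NotResource, Condition and
    explicit Deny statements are not evaluated here."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        reads = any(fnmatch.fnmatchcase(READ_SECRET, a) for a in actions)
        if reads and any(_account_wide(r) for r in _as_list(stmt.get("Resource"))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample policies; the account ID and secret name are placeholders.
BROAD_TASK_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadAllSecrets", "Effect": "Allow",
     "Action": ["secretsmanager:Get*", "secretsmanager:List*"], "Resource": "*"}]}
SCOPED_TASK_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOwnSecret", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:frontend/api-key-AbCdEf"}]}

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_TASK_ROLE), ("scoped", SCOPED_TASK_ROLE)):
        print(name, broad_secret_reads(doc))
```

A statement that passes this check can still be too broad, for example a name prefix that covers many secrets, so the result is a first filter and not a full policy evaluation.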

LexisNexis has notified law enforcement and contracted an external cybersecurity expert to assist with the investigation and implementation of containment measures.

The company has taken responsibility for the breach and informed current and former customers of the intrusion.

Last year, the company disclosed another breach after hackers compromised a corporate account and accessed sensitive information belonging to 364,000 customers.
