By Ted Goodman
Hackers are selling a leaked list of suspected criminals and terrorists on the black market for as little as $2,300, according to digital tech news website Motherboard.
The news comes just weeks after a data security researcher revealed the list was left unsecured online, exposed to hackers. The list is a massive database of 2.2 million people suspected of criminal activities, including over 93,000 potential terror suspects and people with suspected ties to terrorism.
Motherboard reports that multiple vendors are offering to sell the list, and one of the sellers told Motherboard that he has already sold it to three buyers for $6,600 each, which he claimed was as a “nice” return for “something that was lying around.”
The list, known as World-Check, is managed by Thompson Reuters and used by the world’s largest banks, law firms, intelligence agencies and other clients in order to vet individuals who are suspected of terrorist activities. The list is also used to vet for money laundering, organized crime, bribery, corruption, and other activities that would present a risk to clients.
Security researcher Chris Vickery posted on Reddit June 28, that he obtained a copy of the World-Check database from mid-2014. Vickery also asserted that “no hacking was involved in the acquisition of this data.” The researcher explained the acquisition is a leak, but not directly from Thompson Reuters.
Vickery told TechCrunch June 29 the leak was due to a database software error where the information was “mistakenly” configured for public access. Vickery said that SmartKYC, a London-based financial services firm was likely responsible for the software error, according to TechCrunch.
Following the incident, Thomson Reuters released a statement acknowledging a “third party” exposed information from the World-Check database. Thomson Reuters even thanked Vickery, releasing a statement that said, in part, “We are grateful to Chris Vickery for bringing this to our attention, and immediately took steps to contact the third party responsible.”
Thomson Reuters told Motherboard Wednesday it, “takes the security of its global systems extremely seriously however does not discuss the actions it takes against any threats, actual or perceived, publicly.”