LexisNexis Investigates Massive Data Breach by FULCRUMSEC

FULCRUMSEC claims to have breached LexisNexis by exploiting a vulnerable container role to gain broad access to the company’s AWS infrastructure and bypass access controls. They allege exfiltrating large volumes of sensitive data—including Redshift and VPC tables, plaintext AWS Secrets Manager entries, millions of EDW records, hundreds of thousands of user profiles, government and customer accounts, employee credentials, and internal incident and defect records.

Key points

  • FULCRUMSEC claims to have exploited a vulnerable container role to gain widespread access to LexisNexis AWS infrastructure.
  • The actor alleges exfiltration of 2.04 GB of structured data spanning 536 Redshift tables and over 430 VPC database tables.
  • Reportedly 53 AWS Secrets Manager secrets were exposed in plaintext, including production database master passwords, tokens, and API keys.
  • Alleged data includes 3.9 million Enterprise Data Warehouse records, ~400,000 cloud user profiles, 118 government user accounts, and 21,042 customer account records.
  • Complete VPC infrastructure mapping, 10,000 IT incident tickets, 10,000 internal engineering defect records, 45 employee password hashes, and cleartext customer passwords in support tickets were also claimed to be taken.

Read More: https://dailydarkweb.net/lexisnexis-investigates-massive-data-breach-by-fulcrumsec/