Researcher Chris Vickery claimed on Reddit that he had managed to obtain a copy of 2014 version of the World-Check confidential database, which is being used by banks, governments, and intelligence agencies worldwide to scope out risks including suspected terrorists.
The leaked database contains more than 2.2 Million records of people with suspected terrorist, organized crime, money laundering, bribery, corruption links, and "other unsavory activities."
According to Thomson Reuters, who run World-Check, its service is used by 4,500 institutions, including 49 of the world's 50 largest banks, more than 300 government and intelligence agencies, and law firms.
Although the access to the World-Check database is supposed to be strongly restricted under European privacy laws, Reuters says an unnamed third-party has exposed an outdated version of the database online.
Vickery does not reveal exactly how he came across the data, but he says:
"No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time."Meanwhile, he told BBC that the database was not using any protection like username or password to see the records. However, he clarifies that "this unprotected database was not directly hosted by Thomson Reuters itself."
AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks
Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.Supercharge Your Skills
Vickery also told media outlets that even after disclosing its location to Thomson Reuters, the database is still available online.
"As far as I know, the original location of the leak is still exposed to the public internet," said Vickery. "Thomson Reuters is working feverishly to get it secured."
Along with the number of categories, the World-Check database also contains individuals' dates and places of birth in an effort to help banks and government entities check they are looking into the right people.
World-Check: A Controversial Global Terror Database
The World-Check database has repeatedly been accused of falsely designating individuals and organizations as terrorists on the list without their knowledge.
The BBC's Radio 4 first revealed the inaccurate terror designations after it gained 30 minutes of access to the World-Check database in August 2015 from one of the disgruntled customers.
An investigation conducted by Vice News in February 2016 also revealed that there were several individuals on the database list with a terrorist designation, including "an American Muslim civil rights leader praised by George Washington Bush, an economist honored by the British Queen, and a prominent anti-extremism campaigner."
However, the Reuters rejects these accusations.
"The worst possible situation that could arise is that someone who may be innocent, but accused of criminal activity in the database, could be permanently branded on a global scale if this database were to be spread publicly," said Vickery.
Vickery has previously tracked down a number of exposed datasets on the Internet. He's the one who reported a huge cache of around 191 Million US voter records and details of around 13 Million MacKeeper users.
In April, Vickey also reported information on 93 million Mexican voters. The records were exposed due to a configuration error in a MongoDB database.