LexisNexis Data Breach: Hackers Expose Stolen Files

Data Breach Confirmed by LexisNexis

LexisNexis Legal & Professional, a renowned American data analytics company, has officially acknowledged a security breach that exposed certain customer and business data to hackers.

The confirmation of the data breach by LexisNexis comes in the wake of a cyber threat actor known as FulcrumSec releasing 2GB of stolen files on various underground platforms.

LexisNexis L&P is a leading global provider of legal, regulatory, and business information, offering research tools and analytics utilized by entities such as lawyers, corporations, governments, and academic institutions in over 150 countries worldwide.

Cloud Breach via Unpatched React Application

The threat actor claims to have exploited the React2Shell vulnerability in an unpatched React frontend app on February 24, gaining unauthorized access to LexisNexis’ AWS infrastructure.

LexisNexis L&P has confirmed the breach, emphasizing that the compromised information was mostly outdated and non-critical.

According to a company spokesperson, the breached servers contained deprecated data predating 2020, including customer names, user IDs, business contact details, product information, customer surveys with respondent IP addresses, and support tickets.

The exposed information did not include sensitive data like Social Security numbers, driver’s license numbers, financial information, active passwords, or customer contracts.

Following their investigation, LexisNexis believes that the breach has been contained, with no evidence of any impact on their products or services.

In a public disclosure, FulcrumSec revealed that they accessed information related to over 100 users with .gov email addresses, including U.S. government employees, federal judges, U.S. Department of Justice attorneys, and U.S. SEC staff.

The threat actor detailed the breach, stating that they extracted 2.04 GB of structured data from LexisNexis’ AWS infrastructure, including access to various Redshift tables, VPC database tables, AWS Secrets Manager secrets, database records, customer accounts, attorney survey respondents, employee password hashes, and VPC infrastructure mapping.

FulcrumSec also mentioned having access to approximately 400,000 cloud user profiles containing real names, emails, phone numbers, and job roles, with 118 users possessing .gov email addresses.

FulcrumSec reached out to LexisNexis regarding the breach, but the company declined to engage with them. They criticized the company’s security practices, highlighting a vulnerability that provided read access to critical credentials.

LexisNexis has involved law enforcement and enlisted the help of external cybersecurity experts to investigate the breach and implement containment measures.

The company has taken responsibility for the breach and informed both current and former customers about the incident.

Last year, LexisNexis disclosed another breach where hackers compromised a corporate account, gaining access to sensitive information belonging to 364,000 customers.