Member-only story
1.9 Million Records From Terrorist Watchlist Exposed Online
The classified list was exposed online for three weeks
This almost sounds like the premise for a fictional thriller about international cyber-espionage. The details do, however, raise a number of valid questions, even some relating to rights guaranteed by the U.S. Constitution.
Numerous articles, including one posted on August 16, 2021, to BleepingComputer.com/news/, reported that an online database accessible without a password was found to contain what appeared to be a secret terrorist watchlist and no-fly list information. It’s important to note up front that, as of the date that article was posted, no confirmation had been made as to whether the records exposed actually originated from an agency of the U.S. government.
The database was discovered on July 19, 2021, by Security Discovery researcher Bob Diachenko. Diachenko told BleepingComputer that the records did appear to be the type used by multiple U.S. government agencies in counter-terrorism operations. Diachenko claims he informed the Department of Homeland Security (DHS) of his discovery the same day he found the database, but said the server and the 1.9 million records it hosted remained accessible until August 9, 2021, nearly three weeks later.
