250 K legal documents leaked: Owner never identified

250k leaks

A database containing 257 287 legal documents with some marked “not publishable” was left open without a password, so that a treasure trove of sensitive legal material could be accessed and downloaded by anyone on the Internet.

The database, which was left on-line for about two weeks, contained unpublished legal documents concerning the US court proceedings. “Cases are from 2002-2010, from across the[ America],” Bob Diachenko, Security Discovery Director of Cyber Threat Intelligence.

The leaked files are usually documents exchanged between the lawyers and the court before official versions are filed. The database included both public and non-public versions, showing a full history of how certain cases developed. “Most of the documents are public, but about 30-40% is ‘unpublished opinions’ or ‘not published’,” Diachenko said.


not-for-publication-docscredit: Bob Diachenko (supplied sample)

Even today, the source of these files remains uncertain. Diachenko said that for this data he identified two possible leaks. The first is the Lex Machina, division of legal software giant LexisNexis, a research firm in intellectual property, while the second is LexSphere, a subdivision of LexVisio that offers the legal outsourcing services of law firms and legal departments.

Diachenko stated that in an incident report published today, he only notified Lex Machina about the leaky server, because he first believed that the server belonged to it before finding the possible link with LexVision.

Database from StockX Hack Sold Online, Check If You're Included

Eventually, the database was secured weeks later, but the researcher has never received a response, and it is not yet clear to whom the database still belongs. It may well be possible that the owner of the database simply realized that the server was publicly available and secured behind a firewall, where most of these internal databases are usually maintained.

The data base at the center of the leak was a ElasticSearch server that has been at the center of many similar leaks in the past, a technology that powers advanced search systems.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Android app fake

Two – thirds of all antivirus applications in Android are fraud

Next Post
Fujitsu key

Keystroke injection – Wireless Fujitsu keyboard is vulnerable

Related Posts