"LexisNexis Legal & Professional has investigated a security matter and based on the investigation and testing we have done to date, we believe the matter is contained. We have no evidence of compromise of or impact to our products and services."
"The hackers suggested that they exploited the React2Shell vulnerability and improperly secured AWS instances to access and exfiltrate more than 2GB of data. The threat actor claimed to have obtained millions of data records, including enterprise account data, employee credentials, software development secrets, and personal information on 400,000 people."
"Representatives of LexisNexis Legal & Professional said in a statement to the media that while the attackers did gain access to some servers, the compromised systems mostly stored legacy and deprecated data from prior to 2020."
LexisNexis Legal & Professional confirmed a data breach after hackers announced the intrusion on a cybercrime forum and attempted extortion. The attackers gained access to servers containing primarily legacy and deprecated data predating 2020. Compromised information includes customer names, user IDs, business contact details, IP addresses, and support tickets. Hackers claimed to have obtained millions of records including enterprise accounts, employee credentials, software development secrets, and personal information on 400,000 people, including over 100 individuals with .gov email addresses. The company states the matter is contained with no evidence of product or service compromise. This represents another breach for LexisNexis, following a 2024 third-party intrusion affecting 360,000 people.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]