The FULCRUMSEC extortion group claims to have breached LexisNexis, the global legal, regulatory, and business information analytics division of RELX Group. The threat actors allege they exploited a vulnerable container role to gain widespread access to the company’s AWS infrastructure, successfully bypassing access controls to exfiltrate vast amounts of sensitive corporate, government, and customer intelligence.
According to the actor, the allegedly compromised data includes:
- 2.04 GB of structured data encompassing 536 Redshift tables and over 430 VPC database tables
- 53 AWS Secrets Manager secrets in plaintext, including production database master passwords, tokens, and API keys
- 3.9 million Enterprise Data Warehouse records
- Approximately 400,000 cloud user profiles containing full names, email addresses, phone numbers, and job functions
- 118 government user accounts, including federal judges, DOJ attorneys, SEC staff, and law clerks
- 21,042 customer account records detailing commercial relationships, active product subscriptions, and pricing tiers
- 5,582 attorney survey respondents, including their substantive product feedback and IP addresses
- 45 employee password hashes, alongside cleartext customer passwords improperly stored in IT support ticket subject lines
- Complete VPC infrastructure mapping, 10,000 IT incident tickets, and 10,000 internal engineering defect records