- How to watch Netflix on Linux 2 Years Ago
- Fortnite streamer Tfue sues gaming organization FaZe Clan over contract dispute Today 12:28 AM
- Report finds some users can’t opt out of Facebook’s face recognition Monday 7:27 PM
- Get emotional over this real-life pastor baptizing an anime girl in virtual reality Monday 6:53 PM
- Twitter wants to know what Jack in the Box did to offend Kim Kardashian Monday 6:38 PM
- ‘Game of Thrones’ meme claims King’s Landing is an ‘inside job’ Monday 6:06 PM
- Report: Personal data of 49 million Instagram influencers exposed online Monday 4:57 PM
- ‘Stranger Things’ season 3 trailer teases a wet, hot American summer Monday 4:02 PM
- What Daenerys’ biggest ‘Game of Thrones’ scenes have in common with Nazi propaganda Monday 3:12 PM
- Here’s what’s coming to Amazon Prime in June Monday 2:11 PM
- Where did Jon Snow go? Unpacking the ‘Game of Thrones’ ending Monday 2:04 PM
- So, did anyone actually win ‘Game of Thrones’? Monday 1:29 PM
- The surprising religious subtext of ‘John Wick: Chapter 3’ Monday 12:53 PM
- Robin Arryn got hot—and the internet is seriously shook Monday 12:40 PM
- Tana Mongeau is going to VidCon a year after TanaCon disaster Monday 12:12 PM
Data breach exposed locations of oil-industry explosives, handler credentials
Employee Social Security numbers and other personal information were also exposed.
A misconfigured storage device discovered by a security researcher in October left exposed thousands of internal files belonging to an explosives-handling company.
The files, which have since been secured, reportedly included details about facilities in three U.S. states where explosives are stored.
The leaky file repository belonged to Allied-Horizontal Wireline Services (AHWS), a leading wireline company with more than 400 employees and 70 wireline units throughout the United States. (“Wireline” is an industry term that refers to cabling technology used at oil and gas wells.) The company is licensed by the federal government to store and use explosives to complete an oil-drilling process known as “perforation.”
Chris Vickery, a lead security researcher at MacKeeper who notably discovered several misconfigured voter databases this year, found the breach in early October. After verifying the device’s owner, Vickery reached out to an AHWS executive, who quickly moved to secure the company’s data.
AHWS did not respond to a request for comment.
Among the files located online by Vickery were hundreds of high-quality scans of explosives handling licenses, a variety of AHWS employee information, and other files pertaining to the company’s contracts with leading oil companies, such as BP and Exxon. One database appeared to contain the personal information of every AHWS employee, including names, titles, Social Security numbers, and contact information.
Vickery told the Daily Dot this week that he went public about the breach due to public safety concerns stemming from the breadth of leaked data tied to the company’s use of explosives.
“The discovery of an exposed file repository for an explosives-handling company is alarming,” he said. “If bad guys wanted to know where explosives are being held, or who to blackmail into obtaining explosives, this would have been a prime knowledge base.”
“High quality scans of explosives-handling licenses were also found in the files, which raises the possibility of impersonating authorized explosives-handling personnel,” Vickery added.
In a statement, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) said that federal explosives licensees, on whom the agencies conduct extensive background checks, are “responsible for safeguarding their premises by establishing strong internal controls to prevent unauthorized entry to or possession of explosives.”
There are no federal laws prohibiting Allied-Horizontal Wireline Services from disclosing the location of its explosives, an ATF official said. “Licensees storing explosive materials must notify the authority having jurisdiction for fire safety in the locality where the explosive materials are stored.”
In a blog post on Thursday, Vickery praised AHWS for moving quickly to secure its data. “Their IT department also gets bonus points for not suggesting that I somehow ‘hacked’ them,” he said. “They were actually very grateful for the heads-up and couldn’t have been nicer to me. It’s refreshing when that happens.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.