- Report: ‘Stranger Things’ season 4 to begin shooting in October 3 Years Ago
- AT&T paid Michael Cohen to consult on net neutrality, FBI documents show Today 9:10 AM
- Mysterio’s ruse changes on a second viewing of ‘Far From Home’ Today 9:06 AM
- Twitter overturns Barrett Brown’s third permanent suspension Today 8:49 AM
- How to live stream Liga MX Today 7:56 AM
- The QBaby’s parents are already trying to profit off their kid’s fame Today 7:45 AM
- How do 4DX movies work? Today 7:00 AM
- ‘Terminator 2’s John Connor will return for ‘Terminator: Dark Fate’ Today 6:41 AM
- What are all these ‘Game of Thrones’ fans supposed to do now? Today 6:00 AM
- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
Data breach exposed locations of oil-industry explosives, handler credentials
Employee Social Security numbers and other personal information were also exposed.
A misconfigured storage device discovered by a security researcher in October left exposed thousands of internal files belonging to an explosives-handling company.
The files, which have since been secured, reportedly included details about facilities in three U.S. states where explosives are stored.
The leaky file repository belonged to Allied-Horizontal Wireline Services (AHWS), a leading wireline company with more than 400 employees and 70 wireline units throughout the United States. (“Wireline” is an industry term that refers to cabling technology used at oil and gas wells.) The company is licensed by the federal government to store and use explosives to complete an oil-drilling process known as “perforation.”
Chris Vickery, a lead security researcher at MacKeeper who notably discovered several misconfigured voter databases this year, found the breach in early October. After verifying the device’s owner, Vickery reached out to an AHWS executive, who quickly moved to secure the company’s data.
AHWS did not respond to a request for comment.
Among the files located online by Vickery were hundreds of high-quality scans of explosives handling licenses, a variety of AHWS employee information, and other files pertaining to the company’s contracts with leading oil companies, such as BP and Exxon. One database appeared to contain the personal information of every AHWS employee, including names, titles, Social Security numbers, and contact information.
Vickery told the Daily Dot this week that he went public about the breach due to public safety concerns stemming from the breadth of leaked data tied to the company’s use of explosives.
“The discovery of an exposed file repository for an explosives-handling company is alarming,” he said. “If bad guys wanted to know where explosives are being held, or who to blackmail into obtaining explosives, this would have been a prime knowledge base.”
“High quality scans of explosives-handling licenses were also found in the files, which raises the possibility of impersonating authorized explosives-handling personnel,” Vickery added.
In a statement, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) said that federal explosives licensees, on whom the agencies conduct extensive background checks, are “responsible for safeguarding their premises by establishing strong internal controls to prevent unauthorized entry to or possession of explosives.”
There are no federal laws prohibiting Allied-Horizontal Wireline Services from disclosing the location of its explosives, an ATF official said. “Licensees storing explosive materials must notify the authority having jurisdiction for fire safety in the locality where the explosive materials are stored.”
In a blog post on Thursday, Vickery praised AHWS for moving quickly to secure its data. “Their IT department also gets bonus points for not suggesting that I somehow ‘hacked’ them,” he said. “They were actually very grateful for the heads-up and couldn’t have been nicer to me. It’s refreshing when that happens.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.