Database leaks over 250,000 legal documents

A database of 257,287 legal documents was visible on the public internet, without a password. This allowed everyone to access the documents and download sensitive legal material. Some of the documents were marked ‘not for publication’.

The database was online for about two weeks, and contained unpublished legal material related to U.S. lawsuits. That’s what the security researcher who found the database, Bob Diachenko, who is Cyber Threat Intelligence Director at Security Discovery, says against ZDNet. “Business comes from the years between 2002 and 2010 and comes from all American states.”

The leaked files are documents that are normally exchanged between lawyers and the court before the official versions are submitted. The database contained both public and non-public versions. As a result, there is a complete history of how some things happened.

“Most documents are public, but between 30 and 40 percent are ‘unpublished opinions’ or ‘not intended for publication’,” says Diachenko.

Source

The source of the files is unknown. Diachenko says he found two possible leaks for the data. The first is a company that researches intellectual property law, called Lex Machina. Lex Machina is a department of software giant LexisNexis. The second option is LexSphere, a division of LexVisio that provides legal services to law firms and legal departments.

Diachenko goes on to say that he only informed Lex Machina of the leaky server, because at first he thought they were the owners of the server. Only later did he find a possible connection with LexVision. Weeks later, the database was still secured, but the researcher says he never received a response from the companies.

It is also possible that the owner of the database realised that the server was publicly accessible and placed it behind a firewall.