The FBI Terrorist Screening Center (TSC) may have revealed the database containing information on nearly 2 million people and made it available to anyone online for three weeks. Security researcher Bob Diachenko claims that on July 19, a terrorist watchlist was discovered containing information including the names, dates of birth, and passport numbers of people listed in the database.
Diachenko said the watchlist was not password-protected and was quickly indexed by search engines such as Censys and ZoomEye before the Department of Homeland Security shut it down on August 9. It remains unclear who may have accessed the data.
Among the watchlists maintained by the TSC is the American no-fly list. Federal agencies such as the Transportation Security Administration (TSA) use the database to identify known or suspected terrorists attempting to enter the United States.
A recent bipartisan Senate report warned of glaring cybersecurity gaps at various federal agencies, including the Department of Homeland Security, claiming that many of the agencies it audited had failed to implement even basic cybersecurity practices, such as multifactor authentication, and warning that this made national security information highly vulnerable to theft.
For more information, read the original story in Endgadget.