A misconfigured server has exposed a secret watchlist of suspected terrorists online.

Discovered on July 19 by Bob Diachenko, Head of security research at Comparitech, the Elasticsearch server was left online without a password or any other authentication. 

The exposed server was indexed by search engines ZoomEye and Censys. 

The server contained 1.9 million records including full name, TSC watchlist ID, citizenship, gender, date of birth, passport number and more. 

The TSC watchlist shares information on suspected terrorists with the Departments of State, Defense, Customs and Border Protection, TSA staff and international partners. Whilst the entire database wasn’t checked, Diachenko suggested that it may have contained the whole TSC list. 

”The terrorist watchlist is made up of people who are suspected of terrorism but who have not necessarily been charged with any crime. In the wrong hands, this list could be used to oppress, harass, or persecute people on the list and their families,” Diachenko explained

”It could cause any number of personal and professional problems for innocent people whose names are included in the list. There have been several reports of US authorities recruiting informants in exchange for keeping their names off of the no-fly list. Some past or present informants’ identities could have been leaked.”

Upon its discovery, Diachenko reported the exposure to the Department of Homeland and Security and the exposed server was taken down on August 9. It remains unclear as why it took so long to take down the server, and if any unauthorised parties accessed it. 


PrivSec Global is back for another 2 information-packed days, featuring a series of brand new topics and themes.