LexisNexis Breach Exposes Data from AWS Servers

LexisNexis Breach Exposes Data from AWS Servers

Posted on By CWS

In a recent cybersecurity incident, a hacker known as FulcrumSec has claimed to have breached the LexisNexis Legal & Professional division of RELX Group. The attacker alleges the theft of 2.04 GB of structured data from the company’s Amazon Web Services (AWS) cloud setup.

Details of the Security Breach

FulcrumSec revealed in a post dated March 3, 2026, that they initially gained access on February 24. This access was reportedly achieved by exploiting the React2Shell vulnerability found in an unpatched React application, which the company had allegedly left unsecured for an extended period.

The attacker utilized a compromised ECS task container, LawfirmsStoreECSTaskRole, which was granted access to critical resources. These included the production Redshift data warehouse, 17 VPC databases, AWS Secrets Manager, and the Qualtrics survey platform.

Security Vulnerabilities Criticized

In their post, FulcrumSec criticized LexisNexis’s security measures, noting that the RDS master password was alarmingly simple: “Lexis1234”. Furthermore, a single task role was found to have read access to all secrets within the AWS account, including key production database credentials.

The breach allegedly exposed 536 Redshift tables, over 430 VPC database tables, and 53 plaintext secrets from AWS Secrets Manager. The total volume of records compromised is estimated at 3.9 million, with around 400,000 cloud user profiles potentially affected.

Implications and Response

Among the exposed user profiles, 118 accounts were linked to .gov email addresses of federal judges, law clerks, and attorneys from the U.S. Department of Justice and the SEC. The attacker also claims to have acquired a complete map of the VPC infrastructure and a full dump of AWS Secrets Manager.

FulcrumSec clarified that this incident is unrelated to the December 2024 GitHub breach, which involved unauthorized access to personal data via LexisNexis’s third-party platform. This recurring issue highlights ongoing security concerns within a major repository of legal data.

Follow our updates on Google News, LinkedIn, and X for more on cybersecurity developments. Reach out to feature your own stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks Cyber Security News
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation Cyber Security News
South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members South Asian APT Hackers Using Novel Tools to Compromise Phones of Military-Adjacent Members Cyber Security News
F5 Addresses Critical Security Flaws in BIG-IP and NGINX F5 Addresses Critical Security Flaws in BIG-IP and NGINX Cyber Security News
Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities Cyber Security News
11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware 11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware Cyber Security News