Data Breach at LexisNexis Highlights Risk of Unpatched Applications

A threat actor gained access to LexisNexis's cloud infrastructure via an unpatched application, raising questions about legacy data retention.

LexisNexis has confirmed that unauthorised access to its servers by hackers led to the leak of 2 GB of data across several underground forums.

The threat actor, known as FulcrumSec, deliberately leaked data from the data analytics and legal information company. The company was reportedly an easy target, as it held mostly legacy data predating 2020. The compromised servers held information including customer names, user IDs, business contact details, products used, customer surveys with respondent IP addresses, and support tickets.

Cloud Infrastructure Accessed

The threat actors revealed that they gained access to LexisNexis's AWS infrastructure on 24 February 2025 by exploiting a vulnerability, identified as React2Shell, in an unpatched React frontend application.

Key data accessed:

  • 536 Redshift tables
  • More than 430 VPC database tables
  • 53 AWS Secrets Manager secrets stored in plaintext
  • Approximately 3.9 million database records and 21.042 customer accounts
  • 5.582 attorney survey respondents and 45 employee password hashes
  • A complete mapping of the company's VPC infrastructure

Further, the threat actor claimed access to around 400.000 cloud user profiles containing real names, email addresses, phone numbers, and job functions. Of those, 118 users reportedly held .gov email addresses associated with US government employees, federal judges and law clerks, attorneys from the US Department of Justice, and staff from the US Securities and Exchange Commission.

What are cloud attacks and how are they caused?

Cloud computing provides organizations with a plethora of business-oriented benefits: reduced infrastructure cost, zero expenses for on-premises hardware, on-the-fly scalability to accommodate any number of users, etc. It also helps companies to quickly adopt trending technologies like generative AI, big data, and infrastructure as a service.

A cloud attack is any harmful action directed at a cloud-based system or service, including cloud computing, Software-as-a-Service, cloud storage, etc. It can originate from outside or inside an organization and may have malicious or negligent intent.

Cloud attacks can lead to a variety of negative consequences such as data leak or theft, disruption of services, and financial and reputational losses.

Based on its investigation, LexisNexis believes that the intrusion has been contained and found no evidence that products or services were impacted by the intrusion.

Breaches of cloud infrastructure and applications can be caused by various factors, from targeted hacking activity to reckless employee actions and cloud misconfigurations.

Developers have options to set additional protection measures for storage, infrastructure elements, virtual machines, etc. But developers can also misconfigure an environment due to:

  • Human error
  • Incomplete documentation from the CSP
  • Hidden or unobvious settings

Malicious actors can abuse a misconfigured cloud environment to gain unauthorized access, compromise accounts, and inject malware. Weak security configurations also increase the risk of insider threats.

The latest breach raises questions about legacy data retention practices and cloud infrastructure access controls, particularly given the sensitivity of the user base affected and the scope of internal systems reportedly exposed.

Legacy Data Retention

Legacy data mainly consists of information that an organization has stored over years of operation but no longer uses in day-to-day business operations. This can include data from retired systems, archived files, outdated formats, or systems that have been replaced or upgraded.

Legacy data holds significant value for organizations.

It can provide historical insights, support regulatory compliance, and be a resource for strategic decision-making. However, managing legacy data presents unique challenges that may arise due to data compatibility, storage, security and accessibility, which is why a comprehensive legacy data management strategy is crucial.
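The misconfiguration classes described above (plaintext secrets, over-exposed resources) and the legacy-retention problem discussed here are the kind of thing a posture audit should catch before an intruder does. The following is an added example, not code from LexisNexis, AWS or the cited article: it runs three checks over a constructed resource inventory. The resource names, the inventory format, the `kms_encrypted` flag and the retention cutoff date are all assumptions made for the illustration.

```python
"""Minimal cloud-posture audit over a constructed resource inventory.

Added illustration (not LexisNexis's, AWS's or any vendor's code). It flags
the three weakness classes the article discusses: secrets kept in plaintext,
resources exposed to the whole internet, and legacy data retained past a
retention cutoff. The inventory format is an assumption for this example.
"""
from dataclasses import dataclass, field
from datetime import date

# Assumed policy value: data not touched since before this date should have
# been reviewed for deletion. The page states only that the leaked data
# mostly predated 2020; the cutoff itself is not from the page.
RETENTION_CUTOFF = date(2020, 1, 1)
# Ports an auditor would not expect open to 0.0.0.0/0: SSH, RDP, PostgreSQL, Redshift.
SENSITIVE_PORTS = {22, 3389, 5432, 5439}


@dataclass
class Resource:
    name: str
    kind: str                         # "secret", "bucket", "security_group", "table"
    attrs: dict = field(default_factory=dict)


def check_plaintext_secret(r):
    """A secret without at-rest encryption is readable by anyone who reaches the store."""
    if r.kind == "secret" and not r.attrs.get("kms_encrypted", False):
        return f"{r.name}: secret stored without KMS encryption"
    return None


def check_public_exposure(r):
    """Flag bucket policies open to everyone and sensitive ports open to the internet."""
    if r.kind == "bucket":
        for stmt in r.attrs.get("policy", []):
            if stmt.get("Effect") == "Allow" and stmt.get("Principal") == "*":
                return f"{r.name}: bucket policy allows Principal '*'"
    if r.kind == "security_group":
        for rule in r.attrs.get("ingress", []):
            if rule.get("cidr") == "0.0.0.0/0" and rule.get("port") in SENSITIVE_PORTS:
                return f"{r.name}: port {rule['port']} open to 0.0.0.0/0"
    return None


def check_legacy_retention(r, cutoff=RETENTION_CUTOFF):
    """Tables untouched since before the cutoff are retention liabilities, not assets."""
    if r.kind == "table":
        last = r.attrs.get("last_accessed")
        if last is not None and last < cutoff:
            return f"{r.name}: last accessed {last.isoformat()}, predates retention cutoff"
    return None


CHECKS = (check_plaintext_secret, check_public_exposure, check_legacy_retention)


def audit(inventory):
    """Run every check against every resource and return the list of finding strings."""
    findings = []
    for r in inventory:
        for check in CHECKS:
            msg = check(r)
            if msg:
                findings.append(msg)
    return findings


# Constructed sample inventory: names and values are illustrative only.
SAMPLE_INVENTORY = [
    Resource("db-creds", "secret", {"kms_encrypted": False}),
    Resource("api-key", "secret", {"kms_encrypted": True}),
    Resource("survey-exports", "bucket",
             {"policy": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}),
    Resource("redshift-sg", "security_group", {"ingress": [{"port": 5439, "cidr": "0.0.0.0/0"}]}),
    Resource("web-sg", "security_group", {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]}),
    Resource("customer_surveys_2017", "table", {"last_accessed": date(2018, 6, 30)}),
    Resource("orders_current", "table", {"last_accessed": date(2025, 1, 15)}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print("FINDING:", finding)
```

Run against the sample inventory, the audit reports four findings: the unencrypted secret, the world-readable bucket, the Redshift port open to the internet, and the survey table last touched in 2018. The HTTPS security group and the recently used table are left alone. In practice the inventory would come from an export of the real environment, and the retention check is the one teams most often skip, which is exactly what turns an old dataset into a breach headline.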

Sources: https://thepaypers.com/fraud-and-fincrime/news/lexisnexis-confirms-data-breach-after-hackers-leak-files
