Security News > 2021 > August > FBI Reportedly Exposed Secret Terrorist Watchlist
Security researcher Bob Diachenko claims to have discovered an unprotected Elasticsearch database containing 1.9 million records related to what appeared to be a terrorist watchlist of the United States government.
Diachenko identified what he believed to be a no-fly list maintained by the Terrorist Screening Center, a multi-agency group administered by the FBI. The no-fly list represents only a subset of a larger terrorist watchlist maintained by the U.S. Department of Homeland Security.
The watchlist contains information on people who are suspected of terrorism, although they might have not been charged with a crime.
The Elasticsearch cluster containing the exposed watchlist was accessible from the Internet without authentication.
Records in the exposed list contained information such as names, birth dates, citizenship, gender, no-fly indicators, passport numbers, TSC watchlist ID, and other details.
Although the Department acknowledged the incident, the watchlist continued to be accessible from the Internet for three more weeks, until August 9.