LexisNexis Cloud Breach: Hackers Crack Legal Giant, Exposing Judges and Feds
Global legal powerhouse LexisNexis confirmed a massive cloud breach in which hackers exploited a vulnerable React app to steal 2GB of sensitive data from its AWS setup.[1] The leak includes profiles on U.S. federal judges, DOJ attorneys, SEC users, and thousands of enterprise clients like law firms and government agencies.[1][3]
Attackers going by the name FulcrumSec got in on February 24 via the React2Shell vulnerability in an unpatched front-end app, then escalated through misconfigured IAM roles and a hardcoded weak password (“Lexis1234”) in the database.[1] They grabbed 21,000+ customer accounts, 400,000 user profiles, VPC maps, 45 employee password hashes, 82k support tickets, and 53 plaintext cloud secrets.[1][3] LexisNexis calls it mostly pre-2020 legacy data, but it’s now dumped on underground forums; the company has contained the breach and called in forensics.[1]
So What? If you’re a dev or on a sec team at a law firm, court, or agency, this is your supply chain nightmare: your trusted data provider just handed attackers your contact deets, procurement habits, and infra maps for phishing or worse.[1] Weak IAM and unpatched apps at a “critical” vendor mean you can’t trust third-party assurances; audit your suppliers NOW or risk becoming the next victim in targeted ops.[1]
This isn’t just sloppy cloud hygiene. It’s a wake-up call that even giants like RELX (the LexisNexis parent) repeat mistakes, with this being their second breach in a year. Devs, patch React apps religiously and kill hardcoded creds; sec teams, demand SOC2+ proofs from vendors. Ignore this, and you’re begging for FulcrumSec’s sequel.[1]

