lexisnexis confirms a major data breach after hackers leaked over 2gb of stolen files

the attack hit on february 24 via a react2shell flaw in an unpatched react frontend app giving access to aws infrastructure.

leaked stuff includes legacy customer names emails job details some government accounts aws secrets and infrastructure maps but no social security numbers or active passwords.

fulcrumsec posted the files on underground forums and lexisnexis says they contained it with no ongoing impact or service disruption.