[BreachExchange] Big data breach unmasks Bloomberg chat room users

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 7 18:32:24 EDT 2017


http://nypost.com/2017/08/04/data-breach-unmasks-bloomberg-terminal-chat-room-users/

Nearly one thousand Bloomberg terminal users participating in an anonymous
chat room had their identities unmasked this week when a London investment
company sent out a list of the participants — including names and employers
— to people in the chat room, The Post has learned.

The data breach, one of the largest ever for former Mayor Mike Bloomberg’s
financial information company, led moderators to shut down the metal and
mining chat, as well as two others — one that focused on macroeconomic data
and another on energy, according to participants.

For the 866 participants in the chat room, the breach is an unnerving event
— exposing their candid, and sometimes off-color, comments to both rivals
and to companies they might be researching.

But the effect of the “unmasking,” as users have come to call it, is likely
to be even greater than that as news of the breach is rippling throughout
the company’s 325,000 subscribers.

“This ‘unmasking’ shouldn’t have happened in the first place,” one
anonymous Bloomberg terminal user in the Airline and Aerospace chat room
said on Thursday, according to a transcript obtained by The Post.
“Surprised there’s even a feature for BBG to unmask everyone in a
transcript to send.”

Under normal conditions, chat room participants are only identified by a
generic Bloomberg name, like “Member 12345.” As such, participants feel
they can speak candidly about companies in the sector — and on just about
any other subject matter.

Compliance officers at Wall Street firms, in order to police employees at
their firm, do have the ability to get unmasked transcripts of any
Bloomberg chat. But they are required to keep the info confidential.

An executive at Bloomberg confirmed the e-mail’s contents.

“We provide this information to firms at their request so they can meet
legal and compliance requirements,” Ty Trippet, a spokesman for Bloomberg,
told The Post. “We also make sure all our users are aware of this
disclosure and actively opt-in before they can participate in an anonymous
chat.”

No one’s accused Bloomberg of any wrongdoing. The system has apparently
worked seamlessly for years — until Aug. 2, that is.

On that day, a user from the investment firm Janus Henderson sent an
unmasked list of all the participants in the metal and mining chat room the
previous day to many people who were in the chat room, according to a copy of
the e-mail obtained by The Post.

The breach also includes a partial chat transcript from Aug. 1 that reveals
which users had said what — enough data to match users’ real names to their
anonymous chats.

It’s unclear why the full list of participants was leaked — or how many of
the 866 participants got the e-mail, which was sent from an address that
appears to be Janus Henderson’s generic subscriptions email,
Journal_Bloomberg_IM at janushenderson.com.

Janus Henderson is an 83-year-old London firm with $30 billion of assets
under management. The Aug. 2 e-mail has the subject line: Bloomberg IM: IM
initiated by MOATAZ ABED.

Abed is a trader at Noble Group, a China-based energy conglomerate. It’s
unclear why he had initiated a chat with the person at Janus Henderson, or
if other people were involved in the chat. He didn’t respond to an email
seeking comment.

Representatives for Janus Henderson and Noble Group had no immediate
comment.

While some of the chat rooms are lightly populated and not very active,
others have more than 1,000 participants and are filled with active on- and
off-topic discussions.