A database described by some as a "terrorism blacklist" has fallen into the hands of a white-hat hacker who may decide to make it accessible to the public online.
The database, called World-Check, belongs to Thomson Reuters and is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.
Security researcher Chris Vickery claims to have obtained a 2014 copy of the database. He announced the details on Tuesday in a post on Reddit.
"No hacking was involved in my acquisition of this data," he wrote. "I would call it more of a leak than anything, although not directly from Thomson Reuters."
Vickery declined to share how he obtained the data, but he's already contacted Thomson Reuters about securing the source of the leak.
In an email, Thomson Reuters said on Wednesday that it was "grateful" to Vickery for the alert. The "third-party" that leaked the database has taken it down, the company added.
Vickery has previously exposed database leaks related to Mexican voters, a Hello Kitty online fan community and medical records.
His copy of the World-Check database contains the names of over 2.2 million people and organizations declared "heightened risks." Only a small part of the data features a terrorism category. Additional categories include individuals with ties to money laundering, organized crime, corruption and others.
He is asking Reddit users whether he should leak the database to the public. His concern is that innocent people with no criminal ties may have been placed on the list.
The information isn't really secret either. Users can buy access to the database from Thomson Reuters.
Leaking the database, however, could create risks and tip off "actual bad guys" that they’ve been placed on the list, Vickery said.
Thomson Reuters declined to say how it might respond if Vickery decides to publicize the information. The World-Check database is sourced from the company’s analysts, "industry sources" and government records.