Breach, Threat Management, Data Security

Misconfigured drive exposes locations of explosives used by oil industry

Oil company Allied-Horizontal Wireline Services (AHWS) are reported to have misconfigured a storage device, which has resulted in the leak of the locations where it stores the explosives it uses.

The company uses explosives to complete an oil-drilling process known as “perforation,” which it is licenced to do by the US federal government.  

The device, exposed by security researcher Chris Vickery in October, also reportedly contained thousands of credentials of staff who work for the organisation and a variety of AHWS employee information.

Alongside, other files showed the company's contracts with other oil companies, such as BP and Exxon.

AHWS, a company with more than 400 employees and 70 wireline units throughout the United States has since secured its files.

Vickery blogged about the incident, and praised AHWS for moving quickly to secure its data, saying: “Their IT department also gets bonus points for not suggesting that I somehow ‘hacked' them,” he said. “They were actually very grateful for the heads-up and couldn't have been nicer to me. It's refreshing when that happens.”

Vickery warned: “The discovery of an exposed file repository for an explosives-handling company is alarming. If bad guys wanted to know where explosives are being held, or who to blackmail into obtaining explosives, this would have been a prime knowledge base.”

Chris Vickery is notable for discovering several misconfigured voter databases this year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.