Image: BleepingComputer
LexisNexis confirmed a data breach after hackers leaked stolen files, with attackers claiming they exploited the React2Shell vulnerability.
A simple unpatched bug has led to a major breach, exposing millions of LexisNexis records.
According to BleepingComputer, a recent breach on LexisNexis gave hackers access to nearly 4 million database records, thousands of accounts, password hashes, and cloud records. The company admitted the hackers gained access by exploiting an unpatched React vulnerability in its systems.
The company, which provides legal and data analytics services to government and corporate organizations in more than 150 countries, saw more than 2 gigabytes of stolen data dumped on several dark web platforms by FulcrumSec, a hacker group.
According to Automox, 60% of data breaches are tied to unpatched vulnerabilities. While others have slightly different statistics, the signal is clear: unpatched system flaws have been an easy way in for hackers. And LexisNexis is yet another number in the broader stats.
BleepingComputer reported that the hackers exploited a months-old vulnerability in React2Shell. The flaw enabled them to access AWS containers containing customer information. The hackers noted that the company, which also provides security services, had insecure AWS infrastructure, allowing them to gain easy access to data stored in its cloud account.
Although the vulnerability became public in 2025, and a patch was already available, the company continued running a React application on the vulnerable version.
In a post on the dark web, the hackers said their attempts to contact LexisNexis about the issue were unsuccessful as the company declined to work with them.
Exposed data, as cited by BleepingComputer, includes:
Admitting to the breach, the company announced that the effect was minimal. Speaking to BleepingComputer, a spokesperson for the company said:
“Our investigation has confirmed that an unauthorized party accessed a limited number of servers.” Confirming the scope and severity of the breach, the spokesperson also noted:
“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets.”
LexisNexis also said, “The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”
So far, the company has contacted affected customers of the incident. LexisNexis also claimed it has informed law enforcement agencies about the breach. Additionally, it contacted an external cybersecurity company to investigate and contain the incident. The company also claimed the incident didn’t affect its business continuity.
The attack on LexisNexis shows that most successful cyberattacks are often not new techniques. Instead, they happen due to basic failures to install critical software updates or configure solid infrastructure.
With data tied to thousands of government and Department of Justice employees exposed, the breach marks a notable hit on the legal sector through a weak point in a common supply chain. As with most incidents of this kind, affected customers are expected to receive guidance on steps they should take to protect their data.
Also read: Microsoft’s February Patch Tuesday fixes six zero-days under attack.
Joseph is a Technical Writer with about 3 years of experience in the industry, also advancing a career in cyber threat intelligence. He is passionate about the responsible use of technology, a passion that led him into cybersecurity. As an undergrad, he leads a novel community of technology enthusiasts at his school, NOUN, where he guides and shares resources for beginners in tech. His writing experience includes writing on a diverse range of topics, from consumer tech to startups and tutorials. Additionally, he periodically shares case studies and research reports on cybersecurity on his social media pages.
