More than 700 passports and identity documents of attendees at Abu Dhabi Finance Week (ADFW) have been exposed online after a data leak linked to an unprotected cloud storage server. Access was possible for any user with a simple web browser, as confirmed by Roni Suchowski, an independent security researcher and consultant.
Personal data of international figures, among those affected
Among those affected by the leak are figures of international relevance such as Lord David Cameron, former British prime minister, Alan Howard, hedge fund manager, Anthony Scaramucci, American investor and former White House communications director, Richard Teng, co-CEO of Binance, and Lucie Berger, European Union ambassador to the United Arab Emirates. The leak was detected by Suchowski using commercial software that scans cloud services for insecure data.
The researcher maintains that the data cache was probably accessible to the public for at least two months. His previous attempts to warn the responsible organization were unsuccessful. The server was only secured after the organization was contacted on Monday.
"Responsible disclosure is crucial in case of data leaks to protect those affected. The process always consists of notifying the organization privately and giving them the opportunity to fix the problem before anyone takes advantage of it" - Roni Suchowski, independent security researcher
Organization's Response and Security Review
In a statement, the ADFW has acknowledged the existence of a vulnerability in a storage environment managed by an external provider. According to the organization, the incident affected a limited group of summit attendees. The ADFW assures that data protection and security have always been priorities and that the environment was immediately secured upon its identification. The initial review indicates that only the researcher who discovered the problem accessed the exposed data.
The organization has contacted the affected attendees to inform them of the leak. The ADFW is organized by the financial center ADGM, which has highlighted that the summit attendees manage assets exceeding $62 trillion.
Impact on the summit's image and international context
The summit, held in December, brought together more than 35,000 people, including ministers from the United Arab Emirates government and senior executives from international financial firms such as UBS, Blackstone, Standard Chartered, Barclays, Morgan Stanley, Temasek, Bridgewater, Carlyle, and Man Group. Representatives from cryptocurrency companies like Tether and Crypto.com also participated. The event was attended by the Crown Prince of Abu Dhabi, Sheikh Khaled bin Mohammed bin Zayed al-Nahyan.
Neil Quilliam, a member of Chatham House's Middle East and North Africa Programme, has described the cybersecurity leak as a "blatant mistake that contradicts the image Abu Dhabi wants to project."
The investigation into the real scope of the leak and its possible consequences is ongoing.