Diachenko Discovered a Terrorist Watchlist Containing 1.9 Million Records Without a Password | Cybers Guards

Diachenko found what he believed was a no-fly list maintained by the FBI's Terrorist Screening Center, a multi-agency body. The no-fly list is just one aspect of the US Department of Homeland Security's larger terrorism watchlist. The watchlist contained data on individuals suspected of being involved in terrorism, even if they have not been charged with a crime. Names, dates of birth, citizenship, gender, no-fly indicators, passport numbers, TSC watchlist IDs, and other details were included in the exposed list.

On July 19, search engines Censys and ZoomEye indexed the unprotected server, according to Diachenko. Diachenko discovered the watchlist on July 19 and reported it to the DHS the same day. Despite the fact that the Department acknowledged the incident, the watchlist remained online for another three weeks, until August 9. A Bahrain IP address was used to store the database. The exposed watchlist's Elasticsearch cluster was accessible over the internet without authentication. Only specifically authorized personnel should have access to the list.

As Diachenko pointed out, the list “may be used to oppress, harass, or persecute those on the list and their families” if it falls into the wrong hands. This is especially true for those on the list who are entirely innocent.

“Given that this search was identified using commercial Open Source Intelligence and discovery technology, cyber criminals are likely to have come across and downloaded it,” James McQuiggan, security awareness advocate at KnowBe4, said in an emailed comment. “To reduce the risk of a sensitive data breach, whenever companies upload data to be accessible via the cloud, all data must be encrypted and restricted to authorized users. The Open Web Application Security Project (OWASP) recommends preventing unauthorized access to data and applications in two of its passport.” Developers can adopt and maintain strong access and identity management controls, which support the organization's policy to protect all uploaded data, with comprehensive and robust security education and training, according to McQuiggan.
