LexisNexis Breach via React2Shell Vulnerability

First reported

03.03.2026 17:40

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

LexisNexis Legal & Professional confirmed a data breach after hackers exploited the React2Shell vulnerability in an unpatched React frontend app. The breach exposed legacy, non-critical data, including customer names, user IDs, and business contact information. The threat actor, FulcrumSec, leaked 2GB of files on underground forums, claiming to have accessed sensitive data related to U.S. government employees and other officials. LexisNexis stated that the intrusion has been contained and no sensitive personally identifiable information or financial data was compromised. The company has notified law enforcement and engaged external cybersecurity experts to assist with the investigation.

Timeline

03.03.2026 17:40 1 articles · 3h ago

LexisNexis Breach via React2Shell Vulnerability
On February 24, hackers exploited the React2Shell vulnerability in an unpatched React frontend app to gain access to LexisNexis AWS infrastructure. The breach exposed legacy, non-critical data, including customer names, user IDs, and business contact information. FulcrumSec leaked 2GB of files on underground forums, claiming to have accessed data related to over 100 users with .gov email addresses. LexisNexis confirmed the intrusion has been contained and no sensitive data was compromised.
Show sources

LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
Open in new tab

Information Snippets

Hackers exploited the React2Shell vulnerability in an unpatched React frontend app to gain access to LexisNexis AWS infrastructure.
First reported: 03.03.2026 17:40

1 source, 1 article
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
The breach exposed legacy, non-critical data from prior to 2020, including customer names, user IDs, and business contact information.
First reported: 03.03.2026 17:40

1 source, 1 article
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
FulcrumSec leaked 2GB of files on various underground forums, claiming to have accessed data related to over 100 users with .gov email addresses.
First reported: 03.03.2026 17:40

1 source, 1 article
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
LexisNexis confirmed the intrusion has been contained and no sensitive personally identifiable information or financial data was compromised.
First reported: 03.03.2026 17:40

1 source, 1 article
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40
The company has notified law enforcement and engaged external cybersecurity experts to assist with the investigation.
First reported: 03.03.2026 17:40

1 source, 1 article
Show sources
- LexisNexis confirms data breach as hackers leak stolen files — www.bleepingcomputer.com — 03.03.2026 17:40