Massive data breach exposes Bloomberg chat room users

Nearly a thousand Bloomberg terminal users participating in an anonymous chat room had their identities exposed this week when a London investment firm sent a list of participants – including names and employers – to people present in the chat room, The Post has learned.

The data breach, one of the largest ever recorded by former Mayor Mike Bloomberg’s financial information firm, led moderators to shut down the metals and mining chat, along with two others – the one focused on macroeconomic data and the other on energy, according to participants.

For the 866 participants in the chat room, the breach is a disconcerting event – ​​exposing their frank and sometimes offbeat comments to both rivals and companies they might be looking for.

But the “unmasking” effect, as users have come to call it, is likely to be even bigger than that, as news of the breach ripples through the company’s 325,000 subscribers.

“This ‘unmasking’ shouldn’t have happened in the first place,” an anonymous Bloomberg terminal user said Thursday in the Airline and Aerospace chat room, according to a transcript obtained by The Post. “Surprised there’s even a feature for BBG to unmask everyone in a transcript to send.”

Under normal conditions, chat room participants are only identified by a generic Bloomberg name, such as “Member 12345”. As such, participants feel they can speak candidly about companies in the sector — and about just about anything else.

Corporate compliance officers on Wall Street, in order to vet their company’s employees, have the ability to obtain unmasked transcripts of any Bloomberg conversation. But they are required to keep the information confidential.

A Bloomberg executive confirmed the content of the email.

“We provide this information to companies at their request so they can meet legal and compliance requirements,” Bloomberg spokesman Ty Trippet told The Post. “We are also ensuring that all of our users are aware of this disclosure and actively register before they can participate in an anonymous discussion.”

No one has accused Bloomberg of wrongdoing. The system apparently worked seamlessly for years – until August 2, that is.

On this day, a user from the investment firm Janus Henderson sent an unmasked list of all participants in the metals and mining chat room the day before to many people who were in the chat room , according to a copy of the email obtained by La Poste.

The breach also includes a partial chat transcript from August 1 that reveals which users said what — enough data to match the users’ real names to their anonymous chats.

It’s unclear why the full list of attendees was leaked – or how many of the 866 attendees received the email, which was sent from an address that appears to be the generic subscription email from Janus Henderson, [email protected]

Janus Henderson is an 83-year-old London company with $30 billion in assets under management. The subject line of the August 2 email is: Bloomberg IM: IM initiated by MOATAZ ABED.

Abed is a trader at Noble Group, a China-based energy conglomerate. It is not known why he had initiated a conversation with the person of Janus Henderson, or if other people were involved in the conversation. He did not respond to an email seeking comment.

Representatives for Janus Henderson and Noble Group had no immediate comment.

While some of the chat rooms are sparsely populated and not very active, others have over 1,000 participants and are filled with active on- and off-topic discussions.

(This reporter worked at Bloomberg from 2012 to 2014.)

Comments are closed.