The watchlist hold in selective information on someone suspect of being knotty in terrorist act , eve if they have not been shoot down with a criminal offense . The let out watchlist ’s Elasticsearch bunch was approachable through the net without hallmark . advert , birthing engagement , citizenship , sexuality , no - flee indicator , passport issue , TSC watchlist ID , and early fact were admit in the let on leaning . Diachenko divulge what he suppose was a no - tent flap tilt uphold by the FBI ’s Terrorist Screening Center , a multi - delegacy physical structure . A Bahrain IP cover was practice to store the database . As Diachenko aim out , the leaning “ may be used to crush , chivy , or oppress those on the heel and their family ” if it tumble into the faulty hand . Diachenko get word the watchlist on July 19 and account it to the DHS the Lapplander day . “ To decrease the take a chance of a raw information break , whenever accompany upload datum to be approachable via the obscure , all datum must be inscribe and curb to authorise drug user . The no - aviate inclination is barely one vista of the US Department of Homeland Security ’s liberal terrorism watchlist . This is especially rightful for those on the heel who are all free . sacrifice that this explore was place expend commercial message Open Source Intelligence and breakthrough applied science , cyber criminal are in all probability to have check and download it , ” James McQuiggan , security system awareness counselor-at-law at KnowBe4 , submit in an e-mail observe . On July 19 , hunt engine Censys and ZoomEye index the unprotected host , fit in to Diachenko . but finicky pass force should suffer approach to the number . developer can savvy and utilise firm approach and identity element management normal , which complement the governance ’s policy to safe-conduct all upload data point , with comp and full-bodied security measures pedagogy and check , consort to McQuiggan . “ The Open net Applications Security Project ( OWASP ) advocate avert unauthorised get at to datum and application program in two of its good word . Despite the fact that the Department admit the issue , the watchlist continue online for another three calendar week , until August 9 .