Financial Times reports that the messages in question were found by a unnamed financial markets professional via a simple Google search, and that they were online for a number of years, accessible to anyone who knew what to look for. After the FT inquired about them, they were taken down.
Apparently, although containing confidential information such as the names and email addresses of the traders that exchanged them, their trading activity, price information, and even their unique Bloomberg user identifiers, the company had permission to collect and use the messages.
“This work was done with client consent, where emails were explicitly forwarded to us to a dedicated email account and released by the person responsible for the email so that we could conduct internal testing to improve our technology for the client,” a Bloomberg spokesman stated. Still, it doesn't say that they were allowed to put it on the Internet.
In fact, it seems that the (now former) employee that was working on the project intended to upload the messages on a secure website, but how they ended up where they were has still not been explained.
It remains to be seen whether this was done on purpose or by mistake, but one thing is sure: the company has a lot of apologizing to do. Actually, they have already started. Bloomberg CEO Dan Doctoroff and other executives have been contacting clients and apologizing for letting journalists access their information, dubbing the whole thing as a "mistake".
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.