Wall Street traders are freaked by Bloomberg message leak

FORTUNE — Bloomberg LP must go further to ensure their customers’ sensitive data is truly secure. The company dodged a bullet last week as traders on Wall Street and in the City of London shrugged off reports that Bloomberg News journalists had access to a number of seemingly benign customer data points. But reports that confidential client messages exchanged over Bloomberg terminals had been accidentally posted online by the company have raised a fair share of eyebrows across the financial community and could ultimately threaten Bloomberg’s main business, its terminal sales.

The Bloomberg terminal is an indispensable data and research tool used by the financial community to monitor the markets. One can do everything from see the pricing curve of some esoteric security, to checking airline flight prices, to reading and watching financial news. With subscription fees at around $20,000 a year per user, the terminal is also the firm’s main revenue generator.

The terminal is used differently by each silo of the Street. Bloomberg sales teams have a function <UUID> to monitor what their users are looking at to determine best how to structure and sell their product to each of these disparate silos. It had been around since the company’s founding 30 years ago.

But news last week that journalists at Bloomberg’s massive news division were using the function to snoop on financial professionals — from investment bankers to the Chairmen of the Federal Reserve — alarmed the media and the government. The information available to journalists, though, turned out to be relatively benign. Apparently UUID can show information on which of the 15,000 functions their clients were using along with statistics on when they last logged in.

“Nobody really cared that much that the Bloomberg reporters could see that stuff,” a trader who works at a large asset management firm in London told Fortune. “It was always assumed that they could see it as some guys on the desk would start to receive calls from the Bloomberg reporters the second they logged in.”

The company said on Friday that its reporters never had access to sensitive information like “securities-level data, position data [or] trading data.” Bloomberg said it had cut its employees off from accessing the UUID function last month after Goldman Sachs (GS) complained that a reporter had been using the data to check on the whereabouts of a Goldman employee who hadn’t logged into his terminal in some time. The company also said it was appointing a senior executive who would be “responsible for reviewing and, if necessary, enhancing protocols which among other things will continue to ensure that our news operations never have access to confidential customer data.”

MORE: 6 big unanswered questions in the Bloomberg spying case

The Bloomberg drama would have probably ended there. The bulk of the traders and bankers Fortune spoke to over the weekend concerning this story said that the snooping scandal had become more important to journalists than the greater financial community.

But then came word Monday that a trove of Bloomberg messaging data had been found online. The data was old but contained user info, trading data, and sensitive communications between bankers, traders, and their clients. Bloomberg messenger is an email and instant messaging program. A great deal of trading and price discovery goes on in these chats — especially in the opaque over-the-counter market. It is where essentially large parts of the financial industry conduct the bulk of their business. Bids and offers are sent between brokers and buy-side professionals, and deals are sealed all on Bloomberg chat. Bloomberg actively scans messages to help its customers seemingly keep records of their bids and offers.

“They have a system to capture your broker runs in Bloomberg and feed through into Excel,” one fixed income trader told Fortune. “These runs come in every two seconds so it’s a priceless tool for us.”

Bloomberg employs an army of “message mining analysts” who, according to a recent job placement advertisement picked up by the Financial Times, “are responsible for ensuring that price information across Bonds, CDS, Loans and Mortgage products are properly picked up from individual messages and returned back to the client.”

The key here is “returned back to the client.” But with the cache of messages that were recently found online, some traders are concerned that their data isn’t being handled properly and could fall into the wrong hands. There is also concern that the company may be using that information to help Bloomberg Tradebook or Bloomberg Pool, the company’s growing broker-dealer and dark pool trading outfits, to gain an informational advantage over their clients.

“We give Bloomberg authorization to scan the runs but not to scan our deals,” one American trader told Fortune. “If they were using that data to help their broker-dealer front-run us then I’d never use the messenger service and go back to doing all my deals on the phone.”

Bloomberg’s chat and messaging function is one of the stickiest parts of its terminal business as it is seen as a necessary component for various silos of the street to conduct business, especially in the fixed-income market, where the vast majority of trades are done over the counter as opposed to on an exchange. If traders go back to using the phone or start using another platform they deem to be more secure than Bloomberg messenger, then the company could see a huge drop in subscriptions. Traders in the oil and gas space, for example, never took to using Bloomberg messenger to conduct OTC trades; rather, they have always used Yahoo’s free messaging system. So while Bloomberg messenger may be sticky, it isn’t super glue.

MORE: Private equity firms ‘concerned’ by Bloomberg snoop

Bloomberg said its clients voluntarily handed over the information, which was summarily posted online by accident several years ago. The company said it gathered the data for internal testing to improve its technology. Nevertheless the posting of the data combined with the snooping scandal has made a number of financial professionals uneasy.

“That’s terrible,” one hedge fund professional said upon learning that that trading data had been posted online. “If someone could see my IM [instant messages] and front-run my trades it would be a disaster.”

There is also concern that Bloomberg could lose control of private text messages sent over Bloomberg chat. Financial professionals use the chat not just for trading and business but also to talk smack about everything from their bosses to their clients.

“Legal liability is a concern,” a Wall Street trader told Fortune. “Nobody wants to be quoted talking about ‘muppets.’” By “muppets” the trader was referring to an insult that Goldman Sachs employees in London supposedly use to describe gullible clients.

“Bloomberg itself has no right or place to use and misuse that information,” a buy-side trader told Fortune. “I am vehemently opposed to this, and I think there can be very little dispute on this matter.”

It could take just one broker-dealer to make the move from Bloomberg to one of its data rivals, like Thomson Reuters, to start a huge earthquake in the industry. Reuters’s new Eikon terminal — dubbed the “Bloomberg Killer” — is arguably more user-friendly than the Bloomberg terminal and its 15,000 esoteric function codes.

So what should Bloomberg do? Apologies can get the company so far. As such, it should take bigger steps to ensure that Bloomberg’s various businesses aren’t sharing information both with the public and with each other. Bloomberg says it has beefed up its security measures since the trading data was posted online several years ago. But more can be done. Some traders have suggested that so-called Chinese Walls be erected around Bloomberg’s various business units to prevent cross-contamination of information. Large banks have such walls erected between their investment banking and research departments. Allowing regulators or some sort of independent auditor to review, approve, and report on their security measures would also go a long way in the eyes of some traders.

“Bloomberg offers a fantastic service. and I feel if they come out strongly to assure their users this won’t happen again and steps are being taken, I expect it to die down,” one trader in London told Fortune. “But most commentary suggests this could plague them for some time to come — which camp turns out to be right will largely depend on the strength of the Bloomberg response.”

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.