More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication.
The exposed data — a mix of personal and demographic details — included the name, address, email address, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth, and property information, such as:
- Market value
- Property type
- Mortgage amount, rate, type, and lender
- Refinance amount, rate, type, and lender
- Previous owners
- Year built
- Number of beds and bathrooms
- Tax assessment information
According to security firm Comparitech, the database, which was hosted on Google Cloud, is said to have been first indexed by search engine BinaryEdge on 26th January and discovered a day later by cybersecurity researcher Bob Diachenko.
But after failing to identify the database owner, the server was eventually taken offline more than a month later yesterday.
“We’ve been trying to contact Googles cloud security team (IP with database was hosted on their cloud) for them to take down the IP but never got a response,” the research team told The Hacker News. “No other ways to determine the owner were possible because no reverse DNS records were available due to the cloud-based nature of the IP.”
In all, the database comprised of 201,162,598 records, with each entry corresponding to a unique individual.
images from Hacker News