A team of security researchers has claims to have found a publicly-accessible database that exposes information on more than 80 million U.S. households—nearly 65 percent of the total number of American households.
Discovered by VPNMentor’s research team lead by hacktivists Noam Rotem and Ran Locar, the unsecured database includes 24GB of extremely detailed information about individual homes, including their full names, addresses, ages, and birth dates.
The massive database which is hosted on a Microsoft cloud server also contains coded information noted in “numerical values,” which the researchers believe correlates to homeowners’ gender, marital status, income bracket, status, and dwelling type.
Fortunately, the unprotected database does not contain passwords, social security numbers or payment card information related to any of the affected American households.
The researchers verified the accuracy of some data in the cache, but they did not download the complete data in order to minimize the invasion of privacy of the affected ones.
The research team discovered the database accidentally while running a web mapping project using port scanning to examine known IP blocks in order to find holes in web systems, which they then examine for weaknesses and data leaks.
Usually, the team alerts the database owner to report the leak so that the affected company could protect it, but in this case, the researchers were unable to identify the owner of the database.
“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to,” the team says in a blog post. “It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.”
The unsecured Database was online until Monday and required no password to access, which has now been taken offline.
images from Hacker News