Unsecured Database Exposed Information of 80 Million US Households

Another huge data leakage has caught the attention of researchers. However, this one is somewhat different from the usual incidents in that the source of the leaky database remained unidentified. Besides, the information exposed here does not belong to some employees of users. Rather it links back to 80 million US households.

Records Of 80 Million US Households Exposed

Researchers from VPNMentor have spotted another leaky database exposing a huge amount of records. The database allegedly exposed details of roughly 65% of US households. However, the leaked data does not include financial or contact details.

As disclosed in their blog post, the researchers stumbled upon a publicly accessible database that exposed personally identifiable information of around 80 million households. Considering that each house may have more than one person, the actual number of the individuals affected from the incident could reach hundreds of millions.

The source of this 24GB database remained unidentified. Nonetheless, they found the database was hosted by a Microsoft cloud server.

Regarding the type of information included, the researchers noticed that the data exclusively belongs to the United States. It only included information about people 40 years of age and above. The researchers could find no records of people younger than age 40.

The exposed data included details such as the households’ full addresses (including street addresses and zip codes), exact latitude and longitude, complete names of individuals, their age, birth dates, marital status, gender, homeowner status, dwelling type, and income.

Fortunately, the data did not include other sensitive details such as the policy numbers, account numbers, Social Security numbers, or payment types.

Researchers Request Assistance To Identify Database Owners

The duo Noam Rotem and Ran Locar discovered this data while continuing with their web mapping project. Although, in most cases, the researchers succeed in tracing back the owners of a leaky database, this time, they couldn’t identify the owner. As stated in their blog,

“This time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.”

Considering the presence of income of the people and the restriction of the data to a certain age group, they suspect it might belong to some healthcare, insurance, or mortgage firm.

“The only real hint that this database belongs to some kind of service is that “member_code” and “score” each appear in every entry.”

However, they did ask the people to help them identify the source so that they could inform the database owners.

According to Microsoft’s statement they discovered the owners and informed them of the matter.

“We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured.”

Later on, they confirmed that the database no longer remained online.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients