A research team has uncovered an exposed database hosted on a Microsoft cloud server containing 24GB of data on over 80 million U.S. households (via vpnMentor).
‘Hacktivists’ Noam Rotem and Ran Locar discovered the unprotected database. Its 24GB of data includes the full names, marital status, income bracket, age, and more of Americans, organized by household instead of by individual.
The database is sitting out in the open, unsecured, and ripe for hackers, especially those who engage in phishing. The research team discovered it by accident. They are currently running a web mapping project that uses port scanning to examine known IP blocks. This lets them find holes in web systems, which they then examine for weaknesses and data leaks.
Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.
The data includes uniform entries for more than 80 million households, making it almost impossible to narrow down. The only clue we found lay in people’s ages: despite searching thousands of entries, we could not find anyone listed under the age of 40.
Interestingly, a value for people’s income is given (however, we don’t know if it’s a code for an internal ranking system, a tax bracket, or an actual amount).
This made us suspect that the database is owned by an insurance, healthcare, or mortgage company. However, information one may expect to find in a database owned by brokers or banks is missing. For example, there are no policy or account numbers, social security numbers, or payment types.
Tech people can help identify the database by emailing [email protected].