A cybersecurity research team has found an anonymous open database containing 24GB of records specifying information on 80 million American families.
VPNMentor’s research team of Noam Rotem and Ran Locar found the database hosted on a Microsoft cloud server containing enormously thorough info about individual homes ranging from the owners name, address, age, map coordinates and birthdates.
One important piece of information that would allow Rotem and Locar to correct the issue has not been exposed.
They wrote that unlike preceding leaks we’ve discovered, this time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address related to it is not necessarily connected to its owner.
Nevertheless, there are a few signs. Each records comprises a member ID signifying it could be from a service company, and there is also a category for income level leading Rotem and Locar to think it could be from an insurance, healthcare or mortgage company. But to counter this line of thought there are no policy or account numbers, social security numbers, or payment types.
Having no luck on their own the two researchers have decided to crowdsource the problem by asking others to put on their detective hats and ponder the clues available.
Although the records do not comprise truly harmful information such as Social Security numbers or payment card information, the data available could still prove unsafe if in the wrong hands.
There are sufficient hints contained to divine an email address opening people up to phishing attacks. A name and address are adequate to find out if a person lives in a rich area, and can lead to public social media accounts.
The database was exposed while the two were directing a web-mapping project in which they use port scanning to inspect known IP blocks. This discloses open holes in web systems, which they can then scrutinize for flaws and data leaks.