Database Provides Details of Over 80 Million US Households

Independent security researchers have cataloged the addresses and demographics of more than 80 million US households on an unsecured database stored in the cloud.

The details listed include names, age and sex, as well as income levels and marital status. The researchers, led by Noam Rotem, could not identify the owner of the database, which is still online and requires no password to access it. Some information is coded, such as sex, marital status and income level. Names, ages and addresses are not coded.

The data does not include payment information or social security numbers. According to Statista, the 80 million households involved represent more than half of US households.

"I would not want my data to be exposed in this way," Rotem said in an interview with CNET. "He should not be here."

Rotem and his team checked the accuracy of some data in the cache, but did not download them to minimize invasion of privacy from those listed, he said.

This is another example of a widespread problem with data storage in the cloud, which has revolutionized the way we store valuable information. Many companies do not have the expertise to secure the data they keep on servers connected to the Internet, resulting in repeated exposure of sensitive data. Earlier in April, a researcher revealed that information about patients in drug treatment centers was exposed on an unsecured database. Another researcher discovered a giant cache of Facebook user data stored by third-party companies on another database visible to the public.

Unlike a hack, you do not need to enter a computer to access an exposed database. You simply need to find the IP address, which corresponds to the address of each web page on the Internet. There is no indication that cybercriminals have accessed the information in this database.

Rotem is associated with VPNmentor, an Israeli company that reviews privacy products called VPNs and receives commissions when readers choose one that suits them, for research. In an article published Monday on his blog, the company asked the public to help identify the data owners to secure them.

"The 80 million families listed here deserve confidentiality," the company said in its blog.

Rotem found that the data is stored on a Microsoft-owned cloud service. Microsoft declined to comment on this story. Data security is the responsibility of the organization that created the database, not Microsoft itself. But the Titan software could contact his client to inform him of the problem, if the customer is identified.

Rotem discovered that the server hosting the data had been put online in February and had discovered it in April with the help of tools that he had developed to search and catalog databases. not secure. In January, he also discovered a security breach in a widely used airline booking system called Amadeus, which could allow an attacker to view and edit airline bookings.

The demographic information cache includes data on adults aged 40 and over. Many of the listed people are elderly, which, according to Rotem, could expose them to fraudsters who could use this information to try to scam them.