Data on 80 million US households exposed in mega-leak from mystery database




Mega-breaches and leaks are becoming more commonplace. In January, it emerged that more than a billion unique combinations of email addresses and passwords had been posted on a hacking forum for anyone to see, in a mega-breach nicknamed Collection #1. In March, 763,117,241 people had their records leaked by a marketing database called Verifications.io.

Now it has emerged that an unsecured database belonging to an unknown organization has exposed data on 80 million American households. According to Statista, that is half of all US households, certainly not a small number. The data, totaling 24 GB, includes addresses, names, dates of birth and more.

The leak was discovered by VPN review company VPNmentor, in partnership with independent security researchers Noam Rotem and Ran Locar. The pair, who found the unprotected database on a Microsoft cloud server, are working to identify its owner.

The fact that all entries found in the database contain the codes "member_code" and "score" indicates that the huge collection of information belongs to a service that used it as a member tracking tool, VPNmentor explains.

According to CNET, the data was online until Monday this week and did not require a password to access. Rotem indicated on the site that he and his team had checked the accuracy of some of the data in the cache. However, to minimize the privacy impact on those listed, they did not download it.

Microsoft, which is not itself responsible for securing the data, has notified the database owner and said it is helping the organization remove the information until it can be properly secured.

What details were exposed?

The uncoded data disclosed includes:

  • Full addresses, including street addresses, cities, counties, states, and postal codes
  • Exact longitude and latitude
  • Full names, including first and last names and initials
  • Age
  • Birth date

The database also contained coded information, including:

  • Title
  • Sex
  • Marital status
  • Income
  • Homeowner status
  • Housing type

What does it mean?

As this leak shows, companies need to better protect their customer information, wherever it is stored. Companies are under pressure to deliver cloud computing projects, but this sometimes means they do not invest enough to do so safely.

"It's clear, after so many incidents, that companies do not have control over access to their data stored in the cloud," said Tim Erlin, vice president of Tripwire. "It's not for lack of tools, but for lack of understanding and implementation of available tools. If you store data in the cloud, you can and should be able to audit access permissions to that data on an ongoing basis."

If cyber criminals gain access to it, this information could be used to defraud the people listed in the database. This could include social engineering attacks or even identity theft. This type of data can also be used in mass phishing campaigns, with attackers using the details to launch, for example, "pornography with ransomware" campaigns.

What's going on now

It's only a matter of time before details about the database owner appear. So, for now, people should watch for notification emails, or check back here: I will update this article once the company is named.
