Leaked database leak addresses and information on the income of millions of Americans



[ad_1]

Insecure database exposes information on about 80 million US households

A publicly available database containing information on approximately 80 million US households has been discovered on a Microsoft cloud server, accounting for more than half of the total number of US households.

Although, for the moment, no information indicates who is the company that left the 24 GB of data exposed, the vpnMentor research team in collaboration with hacktivists Noam Rotem and Ran Locar – who discovered the basis of unprotected data on a Microsoft cloud server – identifying its owner (s).

The fact that all entries found in the database contain the codes "member_code" and "score" indicates the huge collection of information belonging to a service that used it as a member tracking tool .

Sample of exposed household data
Example of data on exposed households

Domestic data leaked

As described in the Rotem and Locar report, the disclosed database was used to organize the information in a "home" format rather than focusing on individuals as most data collections do.

The information disclosed includes:

  • Full addresses, including civic addresses, cities, counties, states, and postal codes
  • Exact longitude and latitude
  • Full names, including first and last names and initials
  • Age
  • Birth date

Although many data are available in human-readable form, the database also contains coded information presented in the form of "internally assigned numeric values" for:

  • title
  • Sex
  • Civil status
  • Income
  • Owner status
  • Housing type

"This is not the first time that a huge database has been broken, but we believe this is the first time a violation of this size includes people's names, addresses, and incomes," they said. declared Rotem and Locar. "This open database is a gold mine for identity thieves and other attackers."

Why it stands out

While data breaches have become commonplace, this leaked database stands out for at least two reasons, ignoring the fact that 80 million households result in a significant number of people affected, somewhere between hundreds of millions of people. people with their addresses, places and dates of birth exposed.

First of all, all entries stored in the database are for people under 40 years old. This is the only piece of information that connects everyone in the 80 million or so households.

Second, each entry in the disclosed household collection is associated with an "income" and "owner" label that may be associated with "an internal filing system, tax bracket or actual amount".

However, as indicated by the vpnMentor report, this would mean that the information contained in the publicly accessible database is owned by a credit or insurance company. Despite this, there is no specific information about payments, social security numbers or account numbers, what such data collection should include.

Rotem was behind another major discovery in January, when he discovered that hackers could potentially see and modify private information in flight bookings made by millions of customers of major international airlines because of a security problem in the Amadeus online booking system.

[ad_2]

Source link