Unprotected Database Exposed Details of Over 80 Million U.S. Households
Security researchers found an unprotected database stored on the cloud that contained detailed information of over 80 million U.S. households.
vpnMentor’s Noam Rotem and Ran Locar discovered the unprotected database hosted on a Microsoft cloud server during the course of a web mapping project. When they peered inside, they found that the asset contained 24 GB of information pertaining to 80 million U.S. households–more than half of the total number of American homes. These details included the number of people living at each household along with each of these individuals’ full names, marital status, income bracket and age.
As noted by the researchers in a write-up of their discovery, digital criminals can abuse these pieces of information to commit identity theft, stage phishing attacks, infect individuals exposed in the data leak with ransomware, collect data for future attacks and even burglarize their homes.
Rotem and Locar indicated that they didn’t know to whom the database belonged, though based on the information involved, they made an educated guess that an organization in insurance, healthcare or mortgages owned the asset. They then asked the public for help them in identifying the database’s owner so that they could let them know about the data leak.
Shortly after their research went live, however, Microsoft took down the database and issued the following statement: “We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured.” The tech giant did not publicly release the name of the owner.
Tim Erlin, VP of Product Management & Strategy at Tripwire, explains that it’s not unusual for the identity of an owner of exposed data to be unknown. He admitted (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/unprotected-database-exposed-details-of-over-80-million-u-s-households/