Unprotected database exposes personal details of over 80 million US families

• The database was found to be hosted by a Microsoft cloud server and had no specific information regarding its owner.
• The 24GB database included details such as the number of people living in each household, their full names, marital statuses, income brackets and more.

Security researchers have come across an unguarded database that exposed personal data belonging to over 80 million US households. Noam Rotem and Ran Locar, who were part of vpnMentor’s research team, discovered this database which hosted a trove of personal information.

As of now, the owner of the database has not been ascertained, but it has been hinted to be some form of a service provider.

What information did the database entail?

• Rotem and Locar found that the database ‘itemized’ households instead of individuals. The entries contained full addresses, exact longitudes and latitudes, full names, ages and dates of birth. Full addresses included street addresses, cities, counties, states, and zip codes.
• The researchers also identified other entries which were coded. These include Title, Gender, Marital Status, Income, Homeowner Status, and Dwelling Type.

A monumental impact

The blog published by vpnMentor elaborates on how the exposed data could severely affect households across the US.

“Attackers – both on and offline – can identify the most vulnerable people, filter them by income, and use the information in the database to confidently attack and exploit people by phone, email, or in person.

This scenario is just the tip of the iceberg. Addresses can easily lead to phone numbers, making people easy targets for phishing scams. Dates of birth and postal codes are common answers to security questions. And longitude and latitude mean your home can be pinpointed and watched,” described the blog.

All in all, the researchers have requested online users to help them identify the database by reporting them so that it could be secured from spilling the large chunk of personal information.