Discovered by VPNMentor’s research team the unsecured database includes 24GB of extremely detailed information about individual homes, including their full names, addresses, ages, and birth dates.
The massive database which is hosted on a Microsoft cloud server which the researchers believe correlates to homeowners’ gender, marital status, income bracket, status, and dwelling type.
The unprotected database does not contain passwords, social security numbers or payment card information related to any of the affected American households.
The researchers verified the accuracy of some data in the cache, but they did not download the complete data in order to minimize the invasion of privacy of the affected ones.
The research team discovered the database accidently while running a web mapping project using port scanning to examine known IP blocks in order to find holes in web systems, which they then examine for weaknesses and data leaks.
Usually, the team alerts the database owner to report the leak so that the affected company could protect it, but in this case, the researchers were unable to identify the owner of the database.
“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to,” the team says in a blog post. “It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.”
Since each entry in the database ends with ‘member_code’ and ‘score’ and no one listed is under the age of 40, the researchers suspect the database could be owned by insurance, healthcare, or mortgage company.
Though the database did not expose sensitive card information or SSNs, the disclosed data is enough to be concerned about identity theft, fraud, phishing scams, and even home invasion.