Together, towards a better future

Personal Information of 80 Million American Households Exposed


1 min read
Personal Information of 80 Million American Households Exposed

Discovered by VPNMentor’s research team the unsecured database includes 24GB of extremely detailed information about individual homes, including their full names, addresses, ages, and birth dates.

The massive database which is hosted on a Microsoft cloud server which the researchers believe correlates to homeowners’ gender, marital status, income bracket, status, and dwelling type.

The unprotected database does not contain passwords, social security numbers or payment card information related to any of the affected American households.

The researchers verified the accuracy of some data in the cache, but they did not download the complete data in order to minimize the invasion of privacy of the affected ones.

The research team discovered the database accidently while running a web mapping project using port scanning to examine known IP blocks in order to find holes in web systems, which they then examine for weaknesses and data leaks.

Usually, the team alerts the database owner to report the leak so that the affected company could protect it, but in this case, the researchers were unable to identify the owner of the database.

“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to,” the team says in a blog post. “It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.”

Since each entry in the database ends with ‘member_code’ and ‘score’ and no one listed is under the age of 40, the researchers suspect the database could be owned by insurance, healthcare, or mortgage company.

Though the database did not expose sensitive card information or SSNs, the disclosed data is enough to be concerned about identity theft, fraud, phishing scams, and even home invasion.

Newsletter
Get all the latest posts delivered straight to your inbox!
A computer scanning for domains

Modern web application security. Protect your Website!

Integrate security into your website with Securi’s Deep Scan, a web app scanner that simulates hacker attacks.

  • WAF Protection
  • Monitoring
  • Incident Response
  • Performance Boost
Learn More
🎉 You've successfully subscribed to Hack Hex!
OK