Security researchers have discovered an unprotected database containing sensitive information of more than 80 million US households publicly accessible to anyone.
Security Researchers Noam Rotem and Ran Locar discovered the unsecured database hosted on Microsoft cloud server and contained over 24GB of data.
“The database that the team discovered includes identifying information for more than 80 million households across the United States. As most households include more than one resident, the database could directly impact hundreds of millions of individuals.”
The database contains information such as full names, address, age, date of birth, income, marital status and other information of each individual in the houses.
According to researcher database seems to itemise households rather than individuals which includes:
- Full addresses, including street addresses, cities, counties, states, and zip codes
- Exact longitude and latitude
- Full names, including first, last, and middle initial
- Date of birth
Researchers also discovered that some information such as title, Gender, Marital status, Income, Homeowner status, Dwelling type were coded into numerical values.
Researchers said they discovered the database while running a web mapping project in which they use port scanning to examine known IP blocks. This will show any open holes in web systems and which they will scan for any weakness and data leaks.
The research team were not able to find the owner of the database, and it is hosted on a cloud server so the IP address associated with it is not necessary belongs to its owner.
After the publication of this report, Microsoft took it server offline and said that it had notified the owner of the database about the issue. Microsoft refused to reveal the owner of the database.
The sensitive information exposed in this breach can be used by cybercriminals to perform various cyber attacks such identify theft, phishing scams and fraud.
Earlier security researchers have discovered 85 Million US Voter Database for Sale in Dark Web.
You may be interested in reading:New Emotet Trojan Variant Uses Compromised Devices as Proxy C&C Servers