A massive amount of private data from 80 million US households are now vulnerable after researchers found it exposed online. According to two security researchers named Ran Locar and Noam Roten, they discovered the 24GB database hacked. A full account of the discovery can be found in a blog post.
The details of the hack were not readily made available at this time, but the data is so sensitive. It contained people’s full names, addresses, their ages, marital statuses, and income brackets, among other information.
The security researchers even said that the birthdays and exact location of the individuals were leaked. It even has coded info on dwelling type and homeowner status. This, they said, made the exposed data a “goldmine” for attackers and identity thieves.
With a full name exposed, the researchers said that hackers can easily guess a person’s email address. It will be a fairly easy guess as most people use their first and last name in creating their email addresses.
They said exposed data is vulnerable to phishing scams. These scams have many forms, and it often comes through an email where dangerous links can be found. Attackers will also find it easy to group the households by income and age and exploit the vulnerable.
The researchers discovered the incident through info found on an unsecured cloud server. The team was on the process of a big “web mapping project” when they stumbled upon it. They said Microsoft hosts the cloud server through the Azure cloud platform. This is not the first time that a database so massive was hacked.
CNET said the number of the affected households account for two-thirds of the US households. However, researchers believe this is the first instance where the breached data had “names, addresses, and income” included. It was reported that the data were there since February.
Following their discovery, the two researchers shared the findings with the site that reviews the virtual private networks called vpnMentor.
Currently, the vpnMentor is encouraging the public to assist in identifying the database and help close the leak. Based on the info leaked, the researchers believe that the data comes from healthcare, mortgage, or insurance company.
The researchers said reporting the matter to the database owner will help in alerting those who are affected. The researchers said they did not download the file as this constitutes an “ethical breach.”
Those who might have any info on who owns the database may contact VPN Mentor at [email protected].