The 24 GB database was hosted on a Microsoft cloud server.
Another day, another data breach; this time researchers have discovered an unprotected cloud repository containing personal and financial information of more than 80 million US households.
This incident reminds us of two similar breaches in which highly sensitive data of 200 million and 82 million US citizens was left exposed.
In the latest one, according to researchers from vpnMentor, the 24 GB database was hosted on a Microsoft cloud server and included the number of people living in each household with their full names, their marital status, income bracket, age, addresses, state, country, city, zip code, gender, date of birth, exact longitude and latitude.
According to vpnMentor’s blog post, the database was discovered during “a huge web mapping project” that the company has been working on. In usual circumstances, it is easy for researchers to identify the origin and owner of the database however in this case, it remains unclear who left it exposed without any authentication.
“We believe that it is the first time a breach of this size has included peoples’ names, addresses, and income. This open database is a goldmine for identity thieves and other attackers,” researchers said.
The researchers opine that since the people’s income in the database has been defined with the value it is quite possible that it belongs to healthcare, insurance or mortgage firm. Furthermore, researchers are urging the public to help them identify who the database actually belongs to as it puts online privacy and lives at risk in real time.
Update 30/04/2019: A positive development nevertheless is that Microsoft has intervened and at the time of publishing this article; the database was taken offline by the company.
“We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured”.
Insecure databases have been causing a great deal of danger to people in real life. Last month, a Family locator app was caught leaking real-time location data of 238,000 individuals while last week, an Iranian ride-hailing app was leaking personal data of millions of citizens putting their privacy at risk.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.