[BreachExchange] Mysterious database exposed over 80 million records on US households

Destry Winant destry at riskbasedsecurity.com
Tue Apr 30 01:39:34 EDT 2019


https://www.techspot.com/news/79856-mysterious-database-exposed-over-80-million-records-us.html

Companies leaving customer data exposed on the internet is
unfortunately not that uncommon these days. However, it is usually
easy for the good Samaritans that discover these breaches to track
down the company responsible so that they can stop the leak — until
now.

Security website vpnMentor says, researchers were baffled when they
discovered an exposed database containing the records of over 80
million households on a Microsoft server. That is nearly 65 percent of
the homes in the US. What made it baffling was that it did not have a
clear owner.

Hacktivists Noam Rotem and Ran Locar made the discovery and said that
the records were completely unprotected. The 24GB database includes
full names, addresses, the number of people living in the household,
marital status, income bracket, age, gender, dwelling type, and
homeowner status.

The only clue as to whom it may belong to is that “member_code” and
“score” fields seem to indicate it is for some service, but other than
that it’s anyone’s guess.

The database is relatively recent. Rotem told CNET the server first
went online in February. So the records have only been exposed for a
few months at most. However, that does not lessen the seriousness of
the data leak.

“I wouldn't like my data to be exposed like this,” Rotem said. “It
should not be there.”

The researchers explain that there is enough information there to be
concerned about identity theft, phishing scams, and even home
invasion.

Microsoft is aware of the unsecured database but has declined to
comment. It is unclear if the software giant has contacted the owner
of the records, but that would be the responsible thing to do.

The researchers are not relying on Microsoft to take action though and
are hoping the public can help them identify the owner. They ask that
anyone that may recognize this information to contact vpnMentor.


More information about the BreachExchange mailing list