[BreachExchange] 201 million US demographic, personal records leaked online

Destry Winant destry at riskbasedsecurity.com
Mon Mar 9 10:13:23 EDT 2020


https://www.hackread.com/201-million-us-demographic-personal-records-leaked-online/

Another day, another data breach – This time, an unknown company or
individual has exposed personal and other highly sensitive data of
people in the United States.

The unprotected database was hosted on a Google Cloud server exposed
to the public without any security authentication. Simply put: the
database was accessible to anyone with an Internet connection anywhere
in the world.

Discovered by the IT security researcher Bob Diachenko from
Comparitech; the data contained over 201 million records (201,162,598
to be precise). An in-depth analysis of these records revealed details
like property and demographic information.

See: Verifications.io breach: Database with 2 billion records leaked

However, after further digging, researchers identified personal
details and demographic information exposed to the public. This
included:

Age
Names
Gender
Income
Ethnicity
Net worth
Credit rating
Employment
Email address
Investment preferences

The unprotected database further exposed the personal habits of
individuals for instance if,

They smoke
They Play golf
They own a pet
Their date of birth
They are a veteran
They own a credit card
They Donate to charity.

According to Comparitech’s blog post, the database was identified on
January 27th, 2020 while it was indexed by search engine BinaryEdge.
Since its owner was unknown Diachenko contacted Google with his
findings but never received any reply from the technology giant
however on March 4th the database was taken online.

Although, it is unclear if the database was accessed by third-party
with malicious intent, the fact that it remained exposed to the public
for more than a month leaves little doubt on who might have accessed
this trove of data.

Nevertheless, chances are that the information can be used against
victims in the shape of identity theft, blackmailing and phishing
scams, etc.

This, as you may have expected, is not the first time when data on
American households have been exposed online. In April last year, an
unprotected cloud repository containing personal and financial
information of more than 80 million US households was leaked online.

In December 2018, a database with over 73 gigabytes of data with
personal records of more than 82 million Americans was exposed to the
public. In June 2017, a marketing firm that was employed by the
Republican National Committee accidentally exposed data belonging to
200 million US citizens. That is around 62% of the entire population
of the US.


More information about the BreachExchange mailing list