Ethical hackers from vpnmentor found an unprotected database on a cloud server on the internet. The database contains sensitive data from 80 million US households, and no one knows who owns it.
I just received a mail from the security specialists of vpnmentor titled BornCity’s HELP REQUIRED – Hundreds of Millions of US citizens data leaked (Names and Income included).
The data breach
The vpnmentor research team has discovered a hack that makes data from 80 million US households public. An unprotected, 24 GB database hosted on a Microsoft cloud server was discovered by hacktivists Noam Rotem and Ran Locar. The vpnmentor researchers are currently conducting a large web mapping project, in which they use port scanning to investigate known IP blocks. This uncovers open holes in web systems, which the researchers then examine for vulnerabilities and data leaks.
The unprotected 24 GB database was found on a Microsoft cloud server. It must have come from a hack or otherwise been left unintentionally unprotected on the server. The unprotected database contains sensitive material from up to 65% of US households. The data includes the number of people living in each household with their full names, marital status, income class, age and more.
It’s even noted whether a person is a homeowner. But there is no indication of where this database comes from. The only indication that this database belongs to some kind of service is the fact that the fields “member_code” and “score” appear in each entry. This huge data breach impacts hundreds of millions of US citizens. This is a serious matter, as two-thirds of US households are affected.
Database owner not known, help required
The researchers from vpnmentor don’t know exactly who is leaking that data, but they hope blogs can help spread the word. Maybe one of my readers will recognize the source of the leak and take care of it. Details are documented in the vpnmentor blog post. If you can help identify the owner of this database, you can contact the researchers at firstname.lastname@example.org.
Addendum: Meanwhile, a reader notified me via a social network that it could be a database with a questionnaire of the US Census Authority – the structure of the database reflects their questions.