Huge data breach impacts 80 million US households

Ethical hackers from vpnmentor found an unprotected database on the net on a cloud server. The data base contains sensitive data from 80 million US households. And no one knows who owns the database.


I just received a mail from the security specialists of vpnmentor titled BornCity's HELP REQUIRED – Hundreds of Millions of US citizens data leaked (Names and Income included).

The data breach

The vpnmentor research team has discovered a hack that makes data from 80 million US households public. An unprotected, 24 GB database hosted on a Microsoft cloud server was discovered by hack activists Noam Rotem and Ran Locar. The vpnmentor researchers are currently conducting a large web mapping project. The researchers are using port scanning to investigate known IP blocks. This involves uncovering open holes in web systems, which the researchers then examine for vulnerabilities and data leaks.

The unprotected 24 GB database found on a Microsoft cloud server. It must have come from a hack or otherwise left unintentionally unprotected on the server. The unprotected database contains sensitive material from up to 65% of US households. Data includes the number of people living in each household with their full names, marital status, income class, age and more.

Datenbank(Source: vpnmentor)

It's even noted if a person is a homeowner. But there is no indication of who this database comes from. The only indication that this database belongs to some kind of service is the fact that the fields "member_code" and "score" appear in each entry. This huge data breach impacts hundreds of millions of US citizens. This is a serious matter, as two-thirds of US households are affected.


Database owner not known, help required

The researchers from vpnmentor don't know exactly who is leaking that data. But they hope, blogs can help spread the word. Maybe one of my readers will recognize the source of the leak and take care of it. Details are documented within the vpnmentor blog post. If you can help identify the owner of this database or know who owns the database, you can contact the researchers at

Addendum: Meanwhile, a reader notified me via a social network, that it could be a database with a questionaire of the US Census Authority – the structure of the database reflects their questions.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

2 Responses to Huge data breach impacts 80 million US households

  1. Jl says:

    Or a state property tax database.

  2. Mark says:

    More like several states. There isn't a state in the US that has 80 million in population. Even California and New York combined don't have 80 million. In any event…it's a lot of people impacted.

Leave a Reply

Your email address will not be published. Required fields are marked *