Two security researchers at the VPN testing site vpnMentor have stumbled across a massive open database filled with sensitive information belonging to millions of Americans. The database is hosted by a Microsoft cloud server and contains extremely detailed information. As yet, they’ve been unable to figure out who the database belongs to or what its purpose is and they’re reaching out to users to help them get to the bottom of it.
A database including sensitive information about millions of Americans has been discovered online
Noam Rotem and Ran Locar found the database while carrying out research for vpnMentor. The massive file, containing a staggering 24 GB of data, has a wide range of sensitive information including addresses, GPS coordinates, full names, age, and date of birth. Other coded information includes title, gender, marital status, income homeowner status, and type of dwelling.
The database focuses on households rather than individuals but, incredibly, it holds information on 80 million American households, which is upwards of 65% of all households in the US.
The research duo has been unable to determine who the database belongs to, although they were able to highlight a few clues. The addition of a member ID could mean that the database belongs to an organization or company offering a service, and the income category is something you’d expect to see from an insurance provider, or a healthcare or mortgage company. In a bid to decipher the mystery, the pair have reached out to all readers with a riddle. The answer to the riddle could well be who the database belongs to.
“What service is used by 80 million homes across the U.S. – but only the U.S. – and only by people over 40? What service would collect your homeowner status and dwelling type but not your social security number? And what service records that you’re married but not how many children you have?”
Fortunately, the massive database doesn’t contain any truly dangerous information like social security numbers or credit card information, but it would still be seen as a treasure trove for cyber-criminals and identity thieves. It could make it easier for hackers to guess your email address and bombard you with phishing scams.
Another scary possibility is related to the recent outbreak of widespread ransomware attacks. If the attackers had access to your income details, they’d know how much you could afford to pay in a ransom demand if they encrypted your personal data.
Other risks posed by the database include the potential for thieves learning your whereabouts via social media and cross-checking that with your address via the database. They could use this information to figure out when your home is empty and make plans to break into your house. The fact that that the database includes age brackets could also allow potential attackers to target aging households where the occupants might be more vulnerable.
These threats all go beyond the obvious, which is that much of the information listed in the database marks common answers to online account security questions. The only things missing are the names of first pets and mothers’ maiden names.
If you want to take action to try and help close this massive data breach, you should try to solve the riddle above. If you can come up with an answer, contact Rotem and Locar here.