An unsecured cloud database has exposed the addresses and demographic details of more than 80 million US households. The data included names, age and genders, income levels and also marital status.
The owner of the database was not identified by the researchers, led by Noam Rotem and Ran Locar. The database was online until Monday and password was not required to gain access. Some of the details coded include gender, marital status and income level. But names, ages and addresses were not coded.
The data did not contain financial information or Social Security numbers. The 80 million households constitute more than half of the households in the US. There is no evidence of any information in this database being accessed by cybercriminals.
The researchers verified the accuracy of some data in the cache but did not download the data. This is one of the instances where cloud data storage could pose as a problem. Most of the companies and firms do not have the proficiency to secure the data kept on internet-connected devices. This leads to exposure of data repeatedly. As in the case of a hack, it is not necessary to break into a computer system to access an exposed database. All you require is to find the IP address assigned to any given web page.
Rotem and Locar associated with VPNmentor, an Israeli company which reviews privacy products called VPNs. The company made a blog post asking the public for help to identify those who might own the data so that it can be secured. They stated that the 80 million families whose data has been exposed deserves privacy.
Rotem found that the data was stored on a cloud service owned by Microsoft. It is the responsibility of the organization that created the database to secure the data and not Microsoft.
According to a Microsoft spokesperson, the database owner has been notified and necessary measures are taken to help the customer remove the data until it can be properly secured.
The server hosting the data became online in February, but it was discovered by Rotem in April using the tools he had developed to search for and catalog unsecured databases. allow an attacker to view and alter airline bookings.
He stated that the demographic information included data about adults aged 40 and older. Most of the people listed are elderly that could put them at risk from scammers who could use the information to try to deceive them.