An unprotected database containing 800GB of personal data including 200 million detailed user records were discovered by researchers at Lithuanian research group CyberNews.
The user records in the database were found to be profiles of US users. The exposed data contained details like user’s full names and titles, email addresses, phone numbers, birthdates, credit ratings, home and mortgage real estate addresses, demographics, mortgage and tax records, and information about personal interests, and investments, as well as political, charitable, and religious donations.
According to the CyberNews team, most of the data in this folder may have originated in the United States Census Bureau. They found the database on Shodan.io in January and contacted the US Census Bureau as a potential owner and did not receive any response.
Besides the unsecured main folder, the database contained two more folders that are unrelated to the personal records contained in the main folder. These folders had the emergency call logs of a US-based fire department and also a list of around 74 bike stations that formerly belonged to a bike-share program.
The two smaller folders did not contain personal data but the fire department call logs contained dates, time, locations and other metadata dating back to 2010. The researchers believe that the data in these two folders may have been stolen or used by several parties at the same time.
Based on the structure of the data the researchers assume that the database belonged to a data marketing firm, or a credit or real estate company.
The information in this database are very much useful to phishers, scammers and other cybercriminals who could use the personal details in it to launch phishing campaigns, spam attacks, and social engineering attempts.