Unidentified Database Exposes Records of 200 Million Americans

March 23, 2020

The CyberNews research team uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information.The database was left on a publicly accessible server and contained more than 200 million detailed user records.

On March 3, 2020, the entirety of the data present on the database was wiped by an unidentified party.

The database is located in the US and hosted on a Google Cloud server that has been exposed for an unknown period. The database itself is still online and accessible but no longer contains any records. While it’s unclear if any malicious actors have accessed the database before the wipe on March 3 or if the data was erased by a blackhat hacker, anyone who knew where to look could have accessed the data, without needing any kind of authentication, says the research team.

According to the CyberNews team, the unsecured database contained a folder that included more than 200 million incredibly detailed records of what looked like profiles of US users, including:

Full names and titles of the exposed individuals
Email addresses
Phone numbers
Dates of birth
Credit ratings
Home and mortgaged real estate addresses, including their exact locations
Demographics, including numbers of children and their genders
Detailed mortgage and tax records
Detailed data profiles, including information about the individuals’ personal interests, investments, as well as political, charitable, and religious donations

The CyberNews team says that it seems that much of the data on the main folder might have originated from the United States Census Bureau as certain codes used in the database were either specific to the Bureau or used in the Bureau’s classifications.

In addition, the database contained two additional folders that were seemingly unrelated to the mass of personal records the research team found in the main folder. These folders included the following data:

Emergency call logs of a fire department based in the US.
A list of some of the 74 bike share stations that used to belong to a bike share program. The current owner of those bike share stations is Lyft.

While the two smaller folders did not contain any personal information, the call logs from the fire department included dates, times, locations, and other emergency call metadata dating as far back as 2010, notes the report. "The presence of the mapped bike share station locations and the call logs of the fire department may have indicated that the database might have been either a collection of stolen data or was used by several parties simultaneously, but we were unable to positively confirm this," adds the research team.

"Due to how the data in the main folder was structured, however, our analysts suspect that the database belonged to a data marketing firm or a credit company," claims CyberNews. For example, CyberNews notes that categories and sections were marked as codes in a fashion similar to dictionaries used by data marketers, there were no social security numbers and all the data profiles we looked at included credit scores.

For the full report, visit CyberNews.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Unidentified Database Exposes Records of 200 Million Americans

Related Articles

Related Products

Related Events

Report Abusive Comment