80 Million Households Exposed in Data Leak: What You Need to Know

Into the Exposed Database Hall of Shame comes a new entry: an unprotected cloud repository listing the names, dates of birth and street addresses of the adults in 80 million U.S. households, as found by two Israeli researchers.

It's not all blue skies in the cloud. Credit: ESB Professional/Shutterstock

(Image credit: It's not all blue skies in the cloud. Credit: ESB Professional/Shutterstock)

That's approximately two-thirds of the households in the U.S., according to CNET, which spoke with the researchers.  An identity thief who got hold of the data would have a field day, as full names, current addresses and exact dates of birth are 3/4 of the identity-theft quadrifecta --
match a Social Security number with any of those entries, and you're done.

The good news is that the researchers aren't revealing the database's online location. The bad news is that they don't know to whom it belongs, and can't tell its owner to fix it until they figure that out.

MORE: Best Identity Protection Services

As detailed in the VPN Mentor blog, researchers Noam Rotem and Ran Locar found the 24GB database hosted on a Microsoft cloud service (presumably Azure, but we don't know for sure) earlier this month. The database seems to have been up since February.

The VPN Mentor blog post, penned by a pseudonymous "Guy Fawkes," doesn't specify exactly how the database was left unprotected. Sadly, it's pretty common for companies to throw sensitive information up on an Amazon Web Services or Microsoft Azure cloud server without securing it properly.

The data also includes marital status, gender, income, homeowner status (i.e., whether the home is owned or rented) and type of home (apartment, house, etc.).

"This made us suspect that the database is owned by an insurance, healthcare or mortgage company," the blog post said. "However, information one may expect to find in a database owned by brokers or banks is missing. For example, there are no policy or account numbers, Social Security numbers or payment types."

Another tantalizing tidbit -- "despite searching thousands of entries, we could not find anyone listed under the age of 40."

VPN Mentor assumes that this database belongs to an online service that collected this information from people who signed up for it voluntarily, but there don't appear to be email addresses or telephone numbers in the database -- street mailing address appear to be the only contact information.

The demographic information listed here is pretty easy to obtain from commercial data brokerages if you're willing to pay well. We suspect this database may be related to a marketing company that sells condos in Florida, or maybe even the AARP, which somehow knows exactly when your 50th birthday is coming up so that it can start sending you junk mail.

If you have a good idea of whose database it might be, drop VPN Mentor a line at info@vpnmentor.com.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
How to delete TikTok
TikTok has rolled out a vital new security feature — here's how to use it
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 20 (#648)
A phone with the Plex logo in front of an out-of-focus background of movie posters
Yikes! Plex is getting a price hike and this key feature is going behind a pay wall
back of Iris Pixel 9a
Google Pixel 9a pre-orders delayed due to 'component quality issue' — here's when you can get one
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Sony A95K QD-OLED TV in front of windows in a living room
This new TV breakthrough looks like a game-changer for OLED TVs
Apple iPhone 16 & 16 Plus hands-on.
Forget USB-C — a truly portless iPhone just got the all-clear from the EU
  • Sean Callahan
    Everyone over 40? Anything in the database saying it was compiled by a Nigerian Prince? :joycat::joycat::joycat:
    Reply