An insecure database exposed sensitive information of around 80 million households in the United States. According to the security researchers Noam Rotem and Ran Locar from the security firm vpnMentor, the unprotected database leaked nearly 24 GB of data which is hosted by Microsoft cloud server.
The unprotected server contained personal information about U.S. people, including their full names, marital status, income bracket, age, and more. The researchers also discovered coded references to some information like title, gender, marital status, homeowner status, and dwelling type, vpnMentor reported.
The researchers stated the server was taken offline after they reported the issue to the owner of the database. “We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured,” the research team stated in a statement.
“Unlike previous leaks we’ve discovered, this time, we have no idea who this database belongs to. It’s hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner. The data includes uniform entries for more than 80 million households, making it almost impossible to narrow down. The only clue we found lay in people’s ages: despite searching thousands of entries, we could not find anyone listed under the age of 40,” the researchers added.
There are multiple incidents reported about unprotected databases. Recently, a misconfigured MongoDB database, managed by the Indian government healthcare agency, was left online without a password exposing more than 12.5 million medical records of pregnant women. The incident came into light after the security researcher Bob Diachenko identified and reported the data breach to the Indian Computer Emergency Response Team (CERT), which immediately took the server down. The Ministry of Electronics and Information Technology clarified that they secured the leaky server on March 29, 2019.
Diachenko stated that he first identified the leaky database on March 7, 2019, which belong to the Department of Medical, Health, and Family Welfare of a state in India, that contained sensitive medical information, including the test reports of the women who were pregnant women who underwent an ultrasound scan, amniocentesis, and other genetic testing of their unborn child in 2014.