• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » Report: unidentified database exposes 200 million Americans

Report: unidentified database exposes 200 million Americans

by CyberNews Team
20 March 2020
in Security
4
guy coding
427
SHARES

The CyberNews research team uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information.The database in question was left on a publicly accessible server and contained more than 200 million detailed user records, putting an astonishing number of people at risk.

On March 3, 2020, the entirety of the data present on the database was wiped by an unidentified party.

What was in the database?

The unsecured database contained a folder that included more than 200 million incredibly detailed records of what looked like profiles of US users.

Click HERE to see if your data has been leaked.

The records contained, among other things:

  • Full names and titles of the exposed individuals
  • Email addresses
  • Phone numbers
  • Dates of birth
  • Credit ratings
  • Home and mortgaged real estate addresses, including their exact locations
  • Demographics, including numbers of children and their genders
  • Detailed mortgage and tax records
  • Detailed data profiles, including information about the individuals’ personal interests, investments, as well as political, charitable, and religious donations

Example of leaked records:

list of blured leaked records

It seems that much of the data on the main folder might have originated from the United States Census Bureau. Certain codes used in the database were either specific to the Bureau or used in the Bureau’s classifications.

In addition, the database contained two additional folders that were seemingly unrelated to the mass of personal records we found in the main folder. These folders included the following data:

  • Emergency call logs of a fire department based in the US
  • A list of some of the 74 bike share stations that used to belong to a bike share program. The current owner of those bike share stations is Lyft.

While the two smaller folders did not contain any personal information, the call logs from the fire department included dates, times, locations, and other emergency call metadata dating as far back as 2010.

Example of leaked fire department call logs:

blured example of leaked fire department call logs

The presence of the mapped bike share station locations and the call logs of the fire department may have indicated that the database might have been either a collection of stolen data or was used by several parties simultaneously, but we were unable to positively confirm this.

Due to how the data in the main folder was structured, however, our analysts suspect that the database belonged to a data marketing firm or a credit company. For example, categories and sections were marked as codes in a fashion similar to dictionaries used by data marketers, there were no social security numbers, and all the data profiles we looked at included credit scores.

Who had access?

The database is located in the US and hosted on a Google Cloud server that has been exposed for an unknown period. When we last accessed the database before the wipe, it contained close to 800 gigabytes of data, including the hundreds of millions of records of highly sensitive personal user data that we outlined above. The database itself is still online and accessible but no longer contains any records.

While it’s unclear if any malicious actors have accessed the database before the wipe on March 3 or if the data was erased by a blackhat hacker, anyone who knew where to look could have accessed the data, without needing any kind of authentication.

What’s the impact?

It’s difficult to understate the massive effect this data leak can have on hundreds of millions of people in the US. The data exposed by the unidentified party is a virtual gold mine for anyone with a penchant for cybercrime.

Merely selling these records on darknet marketplaces at the below-average asking price of $1 per record would net the seller about $200 million. If utilized by cybercriminals to its full destructive potential, however, this data leak can result in untold billions in damages for defrauded users:

  • Scammers can use the names, email addresses, phone numbers, and other private details of the affected users for a wide variety of fraudulent schemes.
  • Spammers and phishers can utilize the vast amount of contact details in order to launch targeted attacks against the exposed users on multiple fronts, such as emails and text messages.
  • While the database does not contain social security numbers that would let credit card fraudsters engage in outright identity theft, the amount of personal details available in these records is perfect for profiling, impersonation, and other forms of social engineering.

What happened to the data?

After having spent several weeks looking for the owners of this unprotected database, we did not manage to discover who it belonged to before the unidentified party erased all the records and left a link to a website where a dancing pirate urges visitors to fix their security. This means that as of this moment, the ultimate fate of more than 200 million US user records is unclear.

In the best case scenario, the mysterious party was an ethical hacker who simply deleted the data because they couldn’t identify the owner. In the worst case scenario, however, the data has been copied and will be used by cybercriminals to its full destructive potential. Hopefully, it’s the former.

Share425TweetShareShare

Related Posts

Covid-19 vaccine

Covid vaccines are now an excuse to launch phishing attacks

22 January 2021
MyFreeCams data leaked on hacker forum

MyFreeCams hack: 2 million user records stolen from top adult streaming site and sold on hacker forum

21 January 2021
Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

19 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Next Post
coronavirus spread map on phone

Coronavirus is testing the tech sector to its breaking point

Comments 4
  1. Newton Heideman says:
    10 months ago

    Did these retarded database monkeys work for Equifax too?

    Reply
  2. Blackhat Wannabe says:
    10 months ago

    Sounds like unsubstantiated fear mongering BS.

    Reply
  3. Penny Joy says:
    10 months ago

    Since your article states “May have originated from US Census” and “did not manage to discover who it belonged to” then I recommend caution in who were the owners. What’s to say the original owner swiped their own database? I’m not convinced the US Census is collecting email addresses and credit card information.

    Reply
  4. Disturbed says:
    10 months ago

    Amazing article, horrible leak.

    Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83026 shares
    Share 83016 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • 8 best cybersecurity podcasts for 2021

    56 shares
    Share 56 Tweet 0
  • Best alternatives to Gmail to protect your privacy

    427 shares
    Share 427 Tweet 0
  • 5-Eyes, 9-Eyes, and 14-Eyes agreement explained

    45 shares
    Share 45 Tweet 0
Elon Musk

Elon Musk to offer $100 million prize for ‘best’ carbon capture tech

22 January 2021
Is there life on Mars?

Is there life on Mars?

22 January 2021
Covid-19 vaccine

Covid vaccines are now an excuse to launch phishing attacks

22 January 2021
Alphabet shutting Loon, which used balloon alternative to cell towers

Alphabet shutting Loon, which used balloon alternative to cell towers

22 January 2021
what is wireguard

WireGuard protocol: everything you need to know

22 January 2021
Parler loses bid to require Amazon to restore service

Parler loses bid to require Amazon to restore service

22 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!