Mystery database with 80M US household data records found on Microsoft cloud server
Security researchers have uncovered an exposed database with details of 80 million U.S. households, but in a mysterious twist, they have no idea who it belongs to or where it came from.
Found by researchers from vpnMentor, the database was discovered exposed to all and sundry on a Microsoft Corp. Azure cloud instance. The data, which cover 65% of U.S. households, included full address, GPS details, age and date of birth information, marital status, income, homeowner status and dwelling type.
The researchers noted that they were attempting to track down the owner while noting that this is potentially one of the largest data breaches of its type in history. “We believe that it is the first time a breach of this size has included peoples’ names, addresses, and income,” the researchers said.
Given that the database includes all that information, the researchers rightly noted it is potentially a goldmine for identity thieves and other attackers.
“Unfortunately, this type of breach is no longer unusual, but it is unusual to not know who owns the exposed data,” Tim Erlin, vice president, product management and strategy at Tripwire Inc., told SiliconANGLE. “Until we understand who the owner is, we’re limited to generalizations about this exposure.”
After so many similar incidents, he said, it’s clear that organizations don’t have control over access to their data stored in the cloud.
“It’s not for a lack of tools, but a lack of understanding and implementation of the available tools,” Erlin said. “If you are storing data in the cloud, you can and should be able to audit the access permissions for that data on a continuous basis.”
VpnMentor is asking for assistance in identifying the owner of the database. “What service is used by 80 million homes across the U.S. – but only the U.S. – and only by people over 40? What service would collect your homeowner status and dwelling type but not your social security number? And what service records that you’re married but not how many children you have?” the company asked.
If you can answer those questions, the company wants to hear at its email firstname.lastname@example.org.
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.