Update: Microsoft issued the following statement: “We notified the owner of the database and it is no longer publicly accessible.” The owner of the database was not identified.
It is scary enough that a team of Israeli security researchers discovered a massive unprotected database with the full names, ages, income brackets and marital status on more than 80 million U.S. households.
It may be just as scary that the researchers can’t identify the owner of this database, which is hosted on a Microsoft cloud server and includes a cache of 24GB of data, a potential goldmine for cybercriminals.
The researchers were led by Noam Rotem and Ran Locar, who teamed up with vpnMentor, a site that focuses on virtual private networks and web privacy.
“I wouldn’t like my data to be exposed like this,” Rotem said in an interview with CNET, the first mainstream outlet to go public with the news. “It should not be there.”
The team verified the accuracy of some of the data but made an ethical decision to not download the data to help protect the privacy of the individuals who may be affected.
Who owns the database?
vpnMentor is asking anyone who might be able to help them identify the owner of the database to contact them at firstname.lastname@example.org.
The site suspects that the database is owned by an insurance, healthcare, or mortgage company, although it says that information you’d expect to find in a database owned by brokers or banks is missing. For example, vpnMentor points out that there are no policy or account numbers, Social Security numbers, or payment types among the data.
While this is hardly the first time large-scale data has been exposed – think Equifax, Facebook and numerous others – vpnMentor believes this is the first time a breach of this size has included people’s names, addresses, and income.
The potential risk may take many forms. One is a phishing attack in which a hacker can embed dangerous links inside emails that look like they come from legitimate financial institutions or other companies, leading in some cases to ransomware, where you’d have to pay a fee to reclaim your computer.
And just knowing your age and income level means an attacker can identify who among the 80 million families are the most vulnerable.
Read more at USA Today.