The safety of user data is usually a huge topic for debate because there are consistent attacks on “private” databases. Recently, a group of researchers stumbled on an 800GB database which holds over 200 million detailed user records. Stumbling on such a database is not a problem; the issue here is that the database is not protected. This means that it is actually exposed to anyone who wants this information. However, the entirety of the database was wiped on March 3. The report from the Lithuanian research group CyberNews claims that the profiles appear to belong to US users. Individuals' data in the database include full names and titles, email addresses, phone numbers, birthdates, credit ratings, home and mortgage real estate addresses, demographics, mortgage and tax records, and information about personal interests and investments, as well as political, charitable, and religious donations.
“We were shocked by the sheer scale of the data exposed: The combination of personal, demographic and real estate asset data was an absolute goldmine for cybercriminals,” the CyberNews team says.
CyberNews believes that it belongs to the US Census Bureau
The CyberNews researchers report that the data in the “main folder” seems to originate from the US Census Bureau. They reported this to the US Census Bureau as a potential owner but there was no reply. CyberNews monitored this database for some months but it has reasons to believe that it was exposed for much longer.
Well, the good news is that attackers would need some basic technical knowledge to access this database. However, there are tons of intelligent attackers globally, so finding one with “basic technical knowledge” shouldn’t be a problem.
The database actually holds three folders. The main folder has user information while the other two folders hold call logs of a US fire department and a list of some 74 Lyft bike stations. The other two folders do not have personal information. However, they contain call logs (date, time, location and other metadata) dating back to 2010.
“The presence of the folders that contained bike-sharing and fire department service call data was what confused us the most,” they say. “It’s possible the data in these two folders may have been stolen or was used by several parties at the same time”, the researchers hypothesize. Furthermore, “the structure of the data led us to believe that the database belonged to a data marketing firm, or a credit or real estate company,” the team says.
Phishers, scammers and other cybercriminals will certainly find such a database “incredibly useful”. As of now, the researchers do not know the owners of this database. However, many people (especially Americans) could presently be at risk of cybercrimes.