Another day, another data breach – This time, an unknown company or individual has exposed personal and other highly sensitive data of people in the United States.
The unprotected database was hosted on a Google Cloud server exposed to the public without any security authentication. Simply put: the database was accessible to anyone with an Internet connection anywhere in the world.
Discovered by the IT security researcher Bob Diachenko from Comparitech; the data contained over 201 million records (201,162,598 to be precise). An in-depth analysis of these records revealed details like property and demographic information.
However, after further digging, researchers identified personal details and demographic information exposed to the public. This included:
The unprotected database further exposed the personal habits of individuals for instance if,
They Play golf
They own a pet
Their date of birth
They are a veteran
They own a credit card
They Donate to charity.
A full preview of the exposed information is available below:
According to Comparitech’s blog post, the database was identified on January 27th, 2020 while it was indexed by search engine BinaryEdge. Since its owner was unknown Diachenko contacted Google with his findings but never received any reply from the technology giant however on March 4th the database was taken online.
Although, it is unclear if the database was accessed by third-party with malicious intent, the fact that it remained exposed to the public for more than a month leaves little doubt on who might have accessed this trove of data.
This, as you may have expected, is not the first time when data on American households have been exposed online. In April last year, an unprotected cloud repository containing personal and financial information of more than 80 million US households was leaked online.
In December 2018, a database with over 73 gigabytes of data with personal records of more than 82 million Americans was exposed to the public. In June 2017, a marketing firm that was employed by the Republican National Committee accidentally exposed data belonging to 200 million US citizens. That is around 62% of the entire population of the US.