A billion-dollar US firm caught exposing highly sensitive database online