From Elon Musk and Kylie Jenner to Britney Spears, Donald J. Trump, and Floyd Mayweather, real estate records of top celebrities and common homeowners were exposed online without any security authentication or password.
Cybersecurity researcher Jeremiah Fowler discovered and alerted VPNMentor to an unprotected database associated with the New York-based online platform Real Estate Wealth Network. The exposed database held 1.5 billion records, including real estate ownership data for millions of individuals.
With a size of 1.16 TB (1,523,776,691 records in total), the database featured organized folders containing information on property owners, sellers, investors, and internal user logging data. It encompassed daily logging records spanning from 4/22/23 to 10/23/23, revealing internal user search data.
Founded in 1993 by Cameron Dunlap, Real Estate Wealth Network provides education and resources for real estate investing. The platform charges an annual, non-refundable fee of $1,450, granting access to an extensive collection of data, including online courses, training materials, a community, and mentorship/coaching from experienced professionals.
Upon examination, Fowler discovered that the purported property ownership data of well-known individuals such as Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi was included in the exposed database.
The online exposure of celebrities’ home addresses could pose various risks, including threats to their safety, invasion of privacy, stalking, and harassment by fans or malicious individuals.
“The data was organized in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgments, obituary (death), vacant properties, and more,” VPNMentor’s blog post read.
Whether famous or not, everyone is at risk because real estate tax data, containing details on property ownership, assessed property values, tax assessment history, and property tax payment history, can be exploited by criminals to collect personal information about property owners.
Threat actors can leverage the data to target users through social engineering or phishing attacks, aiming to acquire financial or other personal information. The exposure of records indicating whether an individual purchased their house with cash, without a mortgage loan, or if they have fully paid off their mortgage, may heighten the risk of financial fraud.
Property and mortgage fraud continue to be pressing concerns, with the FBI reporting 11,578 cases resulting in $350 million in losses within a single year, reflecting a 20% increase since 2017. Property fraud typically involves stealing a homeowner’s identity and forging ownership documents.
Although the exposed database has been secured from public access, a representative from Real Estate Wealth Network has confirmed ownership. The duration of the exposure and potential unauthorized access remain unclear. Only an internal forensic audit could ascertain whether the records were accessed, extracted, or downloaded.
This incident serves as a stark reminder of the potential misuse of readily available information for fraudulent activities. Property owners should exercise caution when sharing personal information, particularly in response to unsolicited requests for property details. Understanding the risks associated with semi-public data is crucial for safeguarding assets.