Article from TechRadar. Full article here.
Security analysts at CyberNews have discovered an unprotected database online which contains over 800GB of personal information including detailed records on over 200m US users.
The records stored in the unsecured database contained the full names and titles of the exposed individuals, email addresses, phone numbers, dates of birth, credit ratings, home addresses, demographics including numbers of children and their genders, detailed mortgage and tax records and other personally identifiable information.
Based on its analysis of the database, CyberNews believes that much of the data it contained may have originated from the US Census Bureau. This is because certain codes used in the database were either specific to the bureau or are used in the bureau’s classifications.
CyberNews also discovered two other folders which were unrelated to the personal records found in the main folder on the database. These folders contained emergency call logs from a fire department in the US as well as a list of 74 bike share stations that is now owned by Lyft.
While the two smaller folders did not contain any personal information, the call logs from the fire department included dates, times, locations and other emergency call metadata from as far back as 2010. These two seemingly unrelated data sets may indicate that the database was a collection of stolen data or was used by several parties simultaneously.
“If the data was stolen by a malicious actor, the consequences for more than 200 million US users may be immense. Merely selling these records on darknet marketplaces at the below-average asking price of $1 per record would net the seller about $200 million. If utilized by cybercriminals to its full destructive potential, however, this data leak can result in untold billions in damages for defrauded users.”