Security researchers discover an exposed server with private data on 80M US households

Pixabay via dlohner. Click for original. (Image credit: Pixabay via dlohner)

A pair of security researchers say they have discovered a "hack" that affects 80 million American households, by way of information contained on an unsecured cloud server hosted by Microsoft on its Azure cloud platform.

The researchers did not get into the specifics of the hack, but did say that the 24GB database in question contains a wealth of private information, including full names, addresses, ages, dates of birth, marital statuses, what income bracket those affected fall into, and even the exact longitude and latitude of their location.

As far as the researchers are concerned, the open database is a veritable "goldmine for identity thieves and other attackers."

"This isn’t the first time a huge database has been breached. However, we believe that it is the first time a breach of this size has included peoples’ names, addresses, and income," the researchers stated in a blog post.

Noam Rotem and Ran Locar are the researchers who initially discovered the unprotected database. They then shared the their finding with vpnMentor, a site that reviews virtual private networks (VPNs).

"Although we investigated the database online, we didn’t download it. Our researchers felt that downloading it would be an ethical breach, as they would then illegally own personally identifiable data sets without peoples’ consent," vpnMentor stated.

According to vpnMentor, this is not a run-of-the-mill situation, as far as data breaches go. What makes this different is the number of people it potentially affects. There are around 127 million households in the US, and the data contained on the unsecured server represents over 62 percent of them. That potentially equates to hundreds of millions of individuals.

"I wouldn't like my data to be exposed like this," Rotem told CNET. "It should not be there."

Unfortunately, it's not clear who the server belongs to. It seems to me that Microsoft should be able to provide them with that info, though.

In the meantime, the researchers suspect it's a service of some kind—most likely an insurance, healthcare, or mortgage company—and are seeking help in identifying it. One clue that may help them find the owner is that most of the people listed in the database are at least 40 years old, many of them elderly. This is also concerning—Rotem points out that scammers could use this information to defraud them.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).