An unsecured database on Microsoft servers holds information on over 80 million households...

Posted:
in General Discussion
Security researchers have reportedly uncovered an unsecured database containing the details of over 80 million U.S. households, including names and addresses.

Smartlock


The database is hosted on a Microsoft cloud server, but its owner is unknown, according to vpnMentor. Other exposed details include ages, incomes, birthdays, and marital status, though some aspects -- such as income -- are coded, meaning they'd have to be interpreted. Names, ages, and addresses are out in the open.

Credit cards and Social Security numbers are absent, but the included data could potentially be used to commit identity fraud.

All of the listed people are over 40, many of them senior citizens.

The vpnMentor researchers are asking for help identifying the responsible party. Researchers said they suspect the database is owned by an insurance, healthcare, or mortgage firm, but it's missing data that brokers and banks would normally need, such as account numbers and payment methods.

Exposed databases have become a concern for researchers and the public alike, thanks in no small part to security breaches at companies like Yahoo, Facebook, and Equifax. Facebook has admitted to multiple such breaches, most recently a March incident where "hundreds of millions" of plain-text passwords were found unprotected on internal servers.

Comments

  • Reply 1 of 14
    Oncoming Identity Theft apocalypse in 3... 2... 1....
    racerhomie3cornchipwatto_cobra
  • Reply 2 of 14
    dws-2dws-2 Posts: 276member
    Some days I'm not sure if we can trust big companies not to expose all our data.
    cornchipwatto_cobra
  • Reply 3 of 14
    bonobobbonobob Posts: 313member
    It would be nice if those researchers would just go delete all that data. If the owners don’t have a back up for it, too bad.
    olsdysamorialeftoverbaconwatto_cobrajony0
  • Reply 4 of 14
    nodtmfnodtmf Posts: 8member
    Sounds like a phonebook...that has our names and addresses....ever since Equifax we’ve been screwed anyway.
    cornchipdysamoriawatto_cobra
  • Reply 5 of 14
    metrixmetrix Posts: 256member
    With the so called FREE ID THEFT MONITORING likely a billion dollar business sprouting all over, I am suspicious of companies creating "accidental" releases so that they can turn it into $10/month of monitoring for all those people that forget they are paying for it after the first year free. 
    SoliSoundJudgmentmac_dogolscornchiprazorpitwatto_cobra
  • Reply 6 of 14
    Don't know who owns the database? Lock it behind a password and you'll find out quickly. If nobody complains, delete it.

    There is a famous old story about TWA, their corporate computer system was bogged down and needed a multi-million dollar upgrade. They did an analysis and the bulk of the data processing was printing huge reports, some of them a foot tall of folded computer paper. Someone had a bright idea, they announced that all the report printers were down, and no reports would be available until further notice. They waited for complaints, it turns out only 5% of the users called to demand urgent reports. The other 95% were just using the huge reports to sit on their desk to make themselves look important. That 95% was banned from future reports and the upgrade was no longer necessary.
    edited April 2019 razorpitbonobobleftoverbaconwatto_cobrajony0
  • Reply 7 of 14
    burnsideburnside Posts: 17unconfirmed, member
    Names and addresses! Next thing you know they'll just print the information in a big book and give it away


    leftoverbaconwatto_cobrajony0
  • Reply 8 of 14
    Detailed information on 80 million people in the USA, but only those over the age of 40? Who could it be:
    - Everyone who shared facebook posts during 2016 election that were really tied to a data-mining app.
    - People on the AARP mailing list (current, former, and prospective members).
    - Everyone who has the password 123456 on their america online account, and still uses it.
  • Reply 9 of 14
    chasmchasm Posts: 2,416member
    Make All Databases Encrypted By Law Again
  • Reply 10 of 14
    MplsPMplsP Posts: 3,496member
    I work in healthcare and organizations get fined not just for actual data breaches but if it's discovered that there was a potential for a data breach because of failure to use encryption, etc. It's time we do the same thing for corporations. 
    dysamorialeftoverbacon
  • Reply 11 of 14
    Mike WuertheleMike Wuerthele Posts: 6,345administrator
    nodtmf said:
    Sounds like a phonebook...that has our names and addresses....ever since Equifax we’ve been screwed anyway.
    FTA: "Other exposed details include ages, incomes, birthdays, and marital status"

    So, no on the first part, but agree with the second.
    dysamoriawatto_cobra
  • Reply 12 of 14
    dysamoriadysamoria Posts: 3,430member
    dws-2 said:
    Some days I'm not sure if we can trust big companies not to expose all our data.
    Some days? You’re amazingly optimistic. 
  • Reply 13 of 14
    dysamoriadysamoria Posts: 3,430member
    metrix said:
    With the so called FREE ID THEFT MONITORING likely a billion dollar business sprouting all over, I am suspicious of companies creating "accidental" releases so that they can turn it into $10/month of monitoring for all those people that forget they are paying for it after the first year free. 
    How does a conspiracy theory get six votes on a short comment thread? The most likely explanation for this unsecured database is simple incompetence. It usually is.
  • Reply 14 of 14
    Wonder if this could be a data extract/query (age .GE. 40) that is a subset of a larger data table with a larger range of ages? Maybe the larger data table is also unsecured, but the investigators just haven't found the larger table. Hope the larger table is not a customer or prospect list for a large retailer, state agency, federal agency, charity or software firm... Over 40? Maybe marketing anti-aging products... A political party's robocall list (for calls tailored to views popular with those over 40)? People who might have been exposed to a particular health risk, due to age (maybe a defective vaccine or other medication)?
    edited April 2019
Sign In or Register to comment.