The CyberNews research team uncovered an unsecured database owned by an unidentified party, comprising 800 gigabytes of personal user information. The database in question was left on a publicly accessible server and contained more than 200 million detailed user records, putting an astonishing number of people at risk.
On March 3, 2020, the entirety of the data present on the database was wiped by an unidentified party.
The unsecured database contained a folder that included more than 200 million incredibly detailed records of what looked like profiles of US users.
The records contained, among other things:
- Full names and titles of the exposed individuals
- Email addresses
- Phone numbers
- Dates of birth
- Credit ratings
- Home and mortgaged real estate addresses, including their exact locations
- Demographics, including numbers of children and their genders
- Detailed mortgage and tax records
- Detailed data profiles, including information about the individuals’ personal interests, investments, as well as political, charitable, and religious donations
The database is located in the US and hosted on a Google Cloud server that has been exposed for an unknown period. When we last accessed the database before the wipe, it contained close to 800 gigabytes of data, including the hundreds of millions of records of highly sensitive personal user data that we outlined above. The database itself is still online and accessible but no longer contains any records.
In the best case scenario, the mysterious party was an ethical hacker who simply deleted the data because they couldn’t identify the owner. In the worst case scenario, however, the data has been copied and will be used by cybercriminals to its full destructive potential. Hopefully, it’s the former.