{"id":15230,"date":"2019-05-01T09:10:05","date_gmt":"2019-05-01T17:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/01\/news-8979\/"},"modified":"2019-05-01T09:10:05","modified_gmt":"2019-05-01T17:10:05","slug":"news-8979","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/01\/news-8979\/","title":{"rendered":"Mysterious database exposed personal information of 80 million US households"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Wed, 01 May 2019 15:51:12 +0000<\/strong><\/p>\n

Word has broken of yet another massive data trove exposed for anyone to see<\/a>. A research team from vpnMentor discovered an exposed 24GB database<\/a> hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households.<\/p>\n

As we\u2019ve seen recently, many organisations aren\u2019t taking steps to secure their customer data<\/a> and every so often one makes the news. Some may have been exploited while exposed; others will have been lucky.<\/p>\n

Occasionally, there\u2019s a quick takedown of the exposed information; sometimes it\u2019s nearly impossible to find out who, exactly, is responsible. At that point, the only option left is to ping someone like Microsoft to take that final step and hope they can do something about it.<\/p>\n

What’s the damage report?<\/h3>\n

Since 80 million US households<\/em> were sitting in this database, that means considerably more people could have been impacted. Across thousands of entries, the researchers couldn\u2019t find anyone listed under the age of 40.<\/p>\n

The exposed data included a mixture of coded information and non-coded information. Non-coded items included street addresses, cities, states, counties, zip codes, latitude and longitude coordinates, ages, dates of birth, and first\/last names along with middle initials. The data assigned a coded, numerical value contained information, such as marital status, income, gender, dwelling type, and homeowner status.<\/p>\n

Decoding the numbers<\/h3>\n

In practice, what the coded and non-coded entries mean is you could easily view someone\u2019s name or address, but something like gender or title is instead assigned a numerical value. Some of the information chained to coded values may not be possible to figure out: For example, \u201cIncome [1]\u201d or \u201cIncome [6]\u201d may be too obscure to put a salary range on it. However, if you see \u201cSteve\u201d and the gender assigned is \u201c[1]\u201d then it\u2019s probable that 1 = male on all their records.<\/p>\n

In this way, even where data is assigned a numerical code, you can piece together most of a person\u2019s profile. If the salary for people listed 70 and up is \u201c10\u201d, then 10 might be \u201cretired\u201d, \u201con a pension plan\u201d, or something similar.<\/p>\n

In fact, there\u2019s a lot of code-assigned sections alongside viewable data, so full street address + code for dwelling type + Google maps = a quicker and easier way to assign home-types to people listed then (say) target them with property-specific phish attacks or other social engineering tactics.<\/p>\n

What exactly is this database for?<\/h3>\n

Given the upper end of the ages listed in this database, they could well be more susceptible to these kind of tricks. The database was eventually taken offline by Microsoft, who have apparently notified the owner(s). Meanwhile, researchers have asked the public to try and help identify exactly who this data belongs to.<\/p>\n

They suspect it has some sort of financial service connection, such as insurance or mortgaging or perhaps healthcare. The specific age range shown in the data looks at might have suggested a form of dating app for older generations, except it makes no sense for it to focus on households rather than individuals. The geo-locational coordinates may associate this with some form of mobile app connection, as you\u2019d typically expect to see that via portable apps as opposed something filled in on the desktop.<\/p>\n

Time to play the waiting game<\/h3>\n

No matter the purpose of\u00a0 <\/span>the database, the good news is that it\u2019s currently offline. It also doesn\u2019t seem to be the case that it\u2019s been used maliciously\u2014for now, anyway. There isn\u2019t a huge amount anyone can do in this situation beyond advising to be wary of the usual social engineering scams.<\/p>\n

Ultimately, this database is large but also quite generic, with no way to say for sure exactly what it’s for. As a result, it\u2019s a case of being on your guard and keeping some common sense handy at all times.<\/p>\n

This isn\u2019t something to worry about for the time being, and hopefully this tale begins and ends with \u201csomeone needs to secure their data better.\u201d<\/p>\n

The post Mysterious database exposed personal information of 80 million US households<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Wed, 01 May 2019 15:51:12 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
A large database accessible online containing a huge amount of records has been found by researchers. The question is: who does it belong to, and what is it for?<\/p>\n

Categories: <\/p>\n