Personal details of 80 million US households exposed on unsecured Microsoft cloud server
Security researchers have discovered an unprotected database stored on a Microsoft cloud server. The 24GB database includes personal information about 80 million households across the US.
The researchers from vpnMentor were working on a web mapping project when they made the discovery. They say that as the database they found left out in the open relates to American households which include multiple residents, the data breach could potentially affect hundreds of millions of people.
The discovery was made by "hacktivists" Noam Rotem and Ran Locar. The unprotected database they stumbled across could impact as many as 65 percent of US households. The data included is quite wide-ranging, including full names, income brackets, ages, marital status, addresses and much more -- more than enough to steal identities or conduct advanced phishing campaigns.
While it is not clear where the data comes from, vpnMentor says there is a "real hint that this database belongs to some kind of service" due to the fact that every entry includes "member_code" and "score" fields.
As the database was hosted on a Microsoft cloud server, the company knows its origins, but isn't revealing anything. In a statement given to the Register, the company said simply: "We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured".