Cloud has turned out to be the need of the hour. However, it is not as safe as you think. Yes, according to a report, a cloud server has been leaking the personal information of 80 million US households. The details included full names, age, gender, address, marital status, and even income level. The pair of security researchers, Noam Rotem and Ran Locar found the database on a Microsoft cloud server. Information like gender, marital status, and income level was coded while Names, ages, and addresses were not coded.
`The owner of 24-gigabytes database on the server is unknown’, the researchers said. It is still not clear what the purpose of the data is. However, the puzzling party is decided to analyze all the information by households, instead of individuals. Each entry was also accompanied by a “score” and “member_code” entry
Rotem and Locar said that “these sensitive details could help hackers to get access to related accounts, like emails addresses, by using full names’’. “This public-accessed information is a goldmine for identity thieves and other attackers’’, he added. Noam Rotem said in an interview, “I wouldn’t like my details to be exposed like this.’’
As per the vpnMentor, “Interestingly, value for people’s income is given (however, we don’t know if it’s a code for an internal ranking system, a tax bracket, or an actual amount)”. “This made us suspect that the database is owned by insurance, healthcare, or mortgage company. However, information one may expect to find in a database owned by brokers or banks is missing. For example, there is no policy or account numbers, social security numbers, or payment types,” he added further. Rotem verified the accuracy of some database in the cache but didn’t download the data to minimize the privacy.
Why It Stand Out?
It is not the first time when a database has been breached, but this leaked data stands out for many reasons. Firstly, all the entries in the database are of people who are fewer than 40, this is being the only reason for information connecting to all the individual approximately 80 million American households.
Secondly, every entry in the exposed collection comes with an “income’’ and “house owner’’ tag which could be related to “an actual amount’’, an internal ranking system, “or a tax bracket’’.
“This means that the information found in the database is owned by a mortgage or insurance company’’ stated by the vpnMentor report. There is no particular information on payments, account numbers, or social security numbers.
But before you get stressed, it is not clear how accurate all the details inside the database is. Microsoft said in a statement, “we have informed the owner of the database and taking suitable steps to help the customer to delete the data until it can be properly secured’’. This incident is another example of the failing online server having records of a million people.
Nevertheless, a few experts have a firm belief that people shouldn’t be bothered about this data leak. John Gunn, the CMO of one span, told SecurityWeek, “This is not a goldmine for identity thieves, or even of significant note. It does not contain any payment card information, no social security numbers, no passwords, not even any email addresses. It would have very limited value on the dark web.”