Large-scale database exposures are sadly nothing new, but they're particularly worrisome when there isn't even a clear owner. Researchers Ran Locar and Noam Rotem have found an unguarded database hosted on a Microsoft server that holds sensitive info for more than 80 million US households (over half of the 128 million in the US), but doesn't have a clear owner. The data includes full names, addresses and locations, as well as coded content like gender, income, dwelling type, homeowner status and marital status.
There are only a few clues as to what the data is for. Everyone in the database is over 40, and the presence of "member_code" and "score" fields in each entry suggests this is for a service. The emphasis on household info and residences suggests that the database might belong to a home-oriented company. It's relatively recent, at least -- Rotem told CNET that the server hosting the info came online in February.
Microsoft has declined to comment, although it's not strictly up to that company to lock down the info since it's merely the host. It can reach out to the customer, but it's not clear if that has happened.
Whoever's responsible for the data, it's still a serious privacy breach. If people with malicious intent discovered the database, they could use it for fraud, stalking or even break-ins. This also underscores the fragility of personal data. It's only secure if a company wants it to be, and users frequently aren't told how their data is stored. In some cases, the only safeguard is obscurity.