Exposed database holds sensitive data on over 80 million US households

Just who owns the database is a mystery.

Sponsored Links

Jon Fingas
April 29, 2019 1:48 PM
mikkelwilliam via Getty Images
mikkelwilliam via Getty Images

Large-scale database exposures are sadly nothing new, but they're particularly worrisome when there isn't even a clear owner. Researchers Ran Locar and Noam Rotem have found an unguarded database hosted on a Microsoft server that holds sensitive info for more than 80 million US households (over half of the 128 million in the US), but doesn't have a clear owner. The data includes full names, addresses and locations, as well as coded content like gender, income, dwelling type, homeowner status and marital status.

There are only a few clues as to what the data is for. Everyone in the database is over 40, and the presences of "member_code" and "score" in each entry suggests this is for a service. The emphasis on household info and residences suggests that the database might belong to a home-oriented company. It's relatively recent, at least -- Rotem told CNET that the server hosting the info came online in February.

Microsoft has declined to comment, although it's not strictly up to that company to lock down the info since it's merely the host. It can reach out to the customer, but it's not clear if that has happened.

Whoever's responsible for the data, it's still a serious privacy breach. If people with malicious intent discovered the database, they could use it for fraud, stalking or even break-ins. This also underscores the fragility of personal data. It's only secure if a company wants it to be, and users frequently aren't told how their data is stored. In some cases, the only safeguard is obscurity.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget