A cloud-based server hosted by Microsoft has compromised the personal and private data of around 80 million US citizens.
Details including full names, residential addresses and birth dates are among the items of data believed to have been put at risk in the incident.
The vulnerability was first found by two Israeli security researchers as they conducted work on a web-mapping operation with VPN review site, vpnMentor.
Besides the names and home addresses, the 24GB database also held encrypted information on individuals’ gender, marriage status, income brackets, and whether or not they have owned their own home.
The owner of the data stored on the server is not yet known, but an unknown agent had arranged the data by household instead of by individual. Each entry carried a unique “member code” and “score” record.
In a statement, vpnMentor labelled the database “a goldmine for identity thieves and other attackers.” The information caught up in the incident could easily be used by cyber-criminals to locate wealthy individuals or to focus on older, more vulnerable computer users.
It is not yet known if the information in the database is fully accurate, or whether hackers have actually got their hands on it. The server has now been taken off the public internet.
In a statement, Microsoft said:
“We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured.”
One of the research leaders who discovered the initial breach, Noam Rotem, told CNET:
“I wouldn’t like my data to be exposed like this. It should not be out there.”