A security researcher has uncovered a large trove of data containing 22GB of personal data belonging of US citizens
The researcher who goes by the Twitter name “Lynx”, discovered that the database is hosted on a computer with a Chinese IP address, to which the database has been tracked back to the Florida-based firm “CheckPeople.com”.
CheckPeople is a service which allows users to search for information about anyone, easily allowing users to locate both public and criminal records.
The company has not been careful with how and where it is hosting the data, with the database being found unprotected and accessible by anyone online. In addition, CheckPeople has previously been criticised for hosting people’s data on Chinese servers, which according to local news allows the Chinese authorities to have access to the data.
The database contains the personal details of 56.25 million US citizens, including names, home addresses, phone numbers and ages.
The contents of the database has most likely been scraped from public records. Essentially, CheckPeople has aggregated public records and its exposure has made the information even more easier to crawl and process.
“In and of itself, the data is harmless, it’s public data, but bundled like this I think it could actually be worth a lot to some people,” Lynx told The Register. “That’s what scares me, when people start combining these with other datasets.”
Numerous attempts to contact staff from CheckPeople by Lynx and The Register have been made, but there still has been no response. The customer-support call center told The Register to email the company, but the emails have been ignored.
The database was taken offline a few days later without an official notice.
An attorney for CheckPeople told The Register on Friday: “CheckPeople is unaware of any database of information hosted in China or through Alibaba. CheckPeople’s records are stored in the United States on secure servers. However, CheckPeople takes security issues very seriously and is investigating this matter.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/