80 Million American Households Exposed on an Unidentified Database

80 Million American Households Exposed on an Unidentified Database

An enormous security breach was discovered at the end of April affecting more than 80 million American households. It is yet another example in a string of breaches demonstrating the vulnerability of online database platforms. The owner of the database is yet to be identified and researchers at VPNMentor, who discovered the breach, are asking for assistance from the public to help them find the owner.

The good news is that the database did not contain credit card information, social security numbers or passwords. However, it was thoroughly unprotected, hosted on a Microsoft cloud server, and required no password to access the data files.

VPNMentor Found the Unprotected Database by Accident

Hacker experts at VPNMentor, Ran Locar and Noam Rotem found the database by accident. VPNMentor researchers were running a routine web mapping project, looking for holes in web systems. They were using a port scanning tool which locates weaknesses and finds data leaks. When they find a database with leaks, they typically contact the owner so immediate action can be taken to correct the problem. But in this case, the database did not identify its owner. Even though there is an IP address associated with this database, the researchers say it does not necessarily lead to its owner.

A Staggering Number of Households Were Exposed

The fact that 80 million US households were exposed in this breach is very troubling. This is almost 65 per cent of the entire number of American households. The database contains 24 gigabytes of highly detailed information, including full addresses, names, birth dates, ages, and residences.

The coded information which is contained in numerical values appears to relate to marital status, income, gender, and dwelling category. Since each database entry ends with “score” and “member code” and everyone listed appears to be over the age of 40, researchers believe that the database owner might be a mortgage, insurance or healthcare company. The fact that social security numbers are missing from the database, as well as payment information and account numbers, makes it unlikely that the owner is a bank or broker.

For now, the unsecured database is offline. Researchers did not download all the data, although they did verify some segments in the cache for accuracy. It was more important to protect the already exposed accounts from further invasion.

Hoping for Some Help from the Public

VPNMentor researchers stress that even though the database did not contain social security numbers or credit card information, there is still a significant risk of nefarious activities with the data that was exposed. Affected households are vulnerable to phishing scams, fraud, identity theft and possibly even home invasions since addresses are included. They sent out a plea to the public for assistance in identifying the owner of the database so that steps can be taken as soon as possible to secure the data.

This is not the first time Noam Rotem has been involved in uncovering a potentially serious data breach. Earlier this year, he discovered a very damaging vulnerability in the Amadeus online air travel booking system. The platform’s security vulnerability would have made it easy for hackers to access the database, alter customer bookings and steal airline mileage credits.

Reversing the Threat of WannaCry Cyber Destruction

Reversing the Threat of WannaCry Cyber Destruction

HolistiCyber Offers Protection Against WannaCry Ransomware

In May 2017 what is believed to be the biggest ransomware campaign yet hit hundreds of companies around the globe. Identified as a variation of WannaCry ransomware, it blocks access to the victim’s computer system and files and demands a payment of as much as US$300 per computer to unblock it. Once a single computer is infected with the ransomware, it searches for other vulnerable computers in the network and infects everything in its path. Because of vulnerabilities in Microsoft products after a Windows exploit was recently hacked from the NSA, the dangerous campaign is spreading at an astounding pace. In only a few hours more than 45,000 computers in at least 74 countries were infected.

Cyber Attacks Could Bring the World to Its Knees

This particular attack affected 16 UK hospitals to such an extent that they had to shut down work. In Spain over 85% of the country’s main telecommunications firm Telefonica was infected. These hackers are turning out to be a powerful global threat. With cyber attacks not only increasing in frequency but also in severity, it is becoming clear that significant investments in cyber defence technologies should be made. End-to-end holistic cyber security solutions have to be implemented to ensure safety from this massive threat.

World-Class Cyber Protection

HolistiCyber delivers integrated defence options with the express aim of keeping clients safe from highly sophisticated hackers. I co-founded the company in 2016 together with brigadier general Ran Shachor and former air force officer Moshe Ishay. All employees are former military intelligence, both Israeli and American. As a company, we focus on developing cyber solutions for advanced protection against cyber attacks on a wide variety of fields including the insurance industry, credit companies and more. Our main markets are the US and Europe. With a comprehensive service portfolio, HolistiCyber is equipped to identify, prevent and neutralize all major security threats.