A report from CyberNews revealed the discovery of an unsecured database comprising of over 800 GB of personal records of more than 200 million Americans. According to the research team,, the owner of the unprotected database is untraceable. It’s believed that the exposed data may have originated from the U.S. Census Bureau. Based on the data structure, it’s suspected that the database belonged to a data marketing company or a credit company.
Large Volume of Data Exposed
The exposed records contained full names and titles of individuals, email addresses, demographics, dates of birth, phone numbers, credit card ratings, home and mortgaged real estate addresses, detailed mortgage records and tax records, and detailed data profiles about people’s personal interests. In addition to this, the exposed data also contained two separate folders containing emergency call logs of the U.S. fire department and a list of 74 bike share stations.
Potential Threats from Data Leaks
It’s unclear how long the data was exposed online and if any malicious actors have accessed it. CyberNews reported that “On March 3, 2020, the entirety of the data present on the database was wiped by an unidentified party.” However, attackers might take advantage of the sensitive information and could launch targeted phishing attacks, engage in account takeover fraud, and even sell the stolen data on the dark web.
“The database is located in the U.S. and hosted on a Google Cloud server that has been exposed for an unknown period. When we last accessed the database before the wipe, it contained close to 800 gigabytes of data, including the hundreds of millions of records of highly sensitive personal user data that we outlined above. The database itself is still online and accessible but no longer contains any records,” CyberNews added.
Fate of the Exposed Data
The research team stated that they were unable to track the owner of the leaky database and opined that the unidentified party might be an ethical hacker who simply deleted the data to prevent cybercriminals from taking advantage of it. The team said, “After having spent several weeks looking for the owners of this unprotected database, we did not manage to discover who it belonged to before the unidentified party erased all the records and left a link to a website where a dancing pirate urges visitors to fix their security.”
The team was likely referring to an animated avatar of a “dancing pirate.”
