Major data breach exposes database of 200 million users
800GB of personal user information was left unsecured online
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security analysts atCyberNewshave discovered anunprotected databaseonline which contains over 800GB of personal information including detailed records on over 200m US users.
The records stored in the unsecured database contained the full names and titles of the exposed individuals, email addresses, phone numbers, dates of birth, credit ratings, home addresses, demographics including numbers of children and their genders, detailed mortgage and tax records and other personally identifiable information.
Based on its analysis of the database, CyberNews believes that much of the data it contained may have originated from theUS Census Bureau. This is because certain codes used in the database were either specific to the bureau or are used in the bureau’s classifications.
The database in question is located in the US and was hosted on aGoogle Cloudserver which was exposed for an unknown period. At the beginning of March, all of the records contained in the database were wiped by an unidentified party. However, the empty database is still online and is accessible without any type of authentication.
Exposed records
CyberNewsalso discovered two other folders which were unrelated to the personal records found in the main folder on the database. These folders contained emergency call logs from a fire department in the US as well as a list of 74 bike share stations that is now owned by Lyft.
While the two smaller folders did not contain any personal information, the call logs from the fire department included dates, times, locations and other emergency callmetadatafrom as far back as 2010. These two seemingly unrelated data sets may indicate that the database was a collection of stolen data or was used by several parties simultaneously.
However, the security analysts suspect that the database belonged to a data marketing firm or a credit card company based on how the data in the main folder was structured.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Although the database has since been wiped, it contents could have been downloaded by a malicious actor andCyberNewsexplained how those whose data has been exposed could be affected, saying:
“If the data was stolen by a malicious actor, the consequences for more than 200 million US users may be immense. Merely selling these records on darknet marketplaces at the below-average asking price of $1 per record would net the seller about $200 million. If utilized by cybercriminals to its full destructive potential, however, this data leak can result in untold billions in damages for defrauded users.”
If you’re worried that your data may have been exposed, you cancheck hereto see if it was.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Washington state court systems taken offline following cyberattack
Is it still worth using Proton VPN Free?
Google Pixel 9 vs Samsung Galaxy S24: which base model is better?
