Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security United States

Cloud Database Removed After Exposing Details on 80 Million US Households (cnet.com) 51

The addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. From a report: The details listed included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify the owner of the database, which until Monday was online and required no password to access. Some of the information was coded, like gender, marital status and income level. Names, ages and addresses were not coded. The data didn't include payment information or Social Security numbers. The 80 million households affected make up well over half of the households in the US, according to Statista. "I wouldn't like my data to be exposed like this," Rotem said in an interview with CNET. "It should not be there." Rotem and his team verified the accuracy of some data in the cache but didn't download the data in order to minimize the invasion of privacy of those listed, he said.
This discussion has been archived. No new comments can be posted.

Cloud Database Removed After Exposing Details on 80 Million US Households

Comments Filter:
  • by fluffernutter ( 1411889 ) on Monday April 29, 2019 @03:15PM (#58512130)
    Soon there won't be any point to corporate cybersecurity because all the information on everyone will be out there anyway.
  • by rsborg ( 111459 ) on Monday April 29, 2019 @03:20PM (#58512158) Homepage

    It's really unclear a) who owned the database and b) since no one is identified as the one who compiled the data, who is trying to figure out where this data came from.

    The article references Microsoft, but clearly they were just the iPaaS provider.

    Finally, there's a big "VPN provider" pushing their services (fine by me, but still a promotion). What gives?

    • Good, I was not the only one. I read the article twice but was unable to determine who owned it. I'm betting it's a big name company who ran it due to the number of records.
    • by mysidia ( 191772 ) on Monday April 29, 2019 @03:33PM (#58512260)

      Ironically.... they compromised 80 million peoples' personal data, BUT the name of the company that did this will probably be kept secret for
      "Privacy Reasons"

      We need some changes to the law.

      • Ironically.... they compromised 80 million peoples' personal data, BUT the name of the company that did this will probably be kept secret for "Privacy Reasons"

        We need some changes to the law.

        On what do you base this?

        All 50 US states require disclosure of such breaches. Even if you are concerned that some states are more lax than others, there is a redacted record for someone in California shown in the original source, and California is not soft on this kind of thing.

    • by Anonymous Coward

      The database had to belong to someone; Microsoft (whose cloud this was on) almost certainly has a credit card on file for the entity which put the data online.

  • by BringsApples ( 3418089 ) on Monday April 29, 2019 @03:23PM (#58512186)

    All of these exposed databases, just floating around the net. It's like ...FaceBook.

  • it was on a russian based server...

  • by chispito ( 1870390 ) on Monday April 29, 2019 @04:03PM (#58512408)
    TFA and the source of the story [vpnmentor.com] both mention that this only appears to includes people ages forty and up. This seems to be the most interesting point in trying to figure out where the data originated.
    • by Anonymous Coward

      Sounds like AARP.

    • by ffkom ( 3519199 )
      So it is probably the list of those who are planned to be renewed in the first rite of the Carousel. Better look at your palm if your clock is ticking!
  • Rotem and his team verified the accuracy of some data in the cache but didn't download the data in order to minimize the invasion of privacy of those listed, he said.

    How exactly do you verify the accuracy of some data in the cache without actually downloading it?

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Working...