Massive Data Exposure Affects Over 200 Million US Citizens
In a significant breach of security, more than 200 million records containing sensitive information about US residents were left unprotected in an unsecured online database. The database, hosted on Google Cloud, required no password or authentication for access, meaning anyone who located it could read its contents. The incident raises serious concerns about data privacy and cybersecurity safeguards.
The exposed data includes a wide array of personal and demographic information, such as names, addresses, email addresses, ages, genders, ethnicities, employment details, credit ratings, investment preferences, incomes, net worths, and property-specific information. Among the property-related data were critical details such as market values, mortgage amounts, refinancing information, previous ownership records, construction years, the number of bedrooms and bathrooms, and tax assessment details.
Security firm Comparitech has been investigating the breach, revealing that the database was first indexed by the search engine BinaryEdge on January 26. It was subsequently discovered by cybersecurity researcher Bob Diachenko just a day later. Despite efforts to identify the database’s owner, it took over a month for the server to be taken offline, leaving users’ information exposed during that period.
The database contains 201,162,598 records, each linked to a unique individual. During the investigation, Comparitech noted that the database appeared to be actively updated, indicating that the data was relatively current. This raises alarming questions regarding the entity responsible for collecting and storing such a vast quantity of detailed personally identifiable information.
While it remains unclear whether unauthorized parties have accessed the database, the potential for spear-phishing campaigns is heightened. Comparitech has warned that the availability of such comprehensive personal, demographic, and property data provides cybercriminals with valuable resources to craft targeted phishing messages, increasing the risk of successful attacks.
In light of this breach, it is essential for users to implement two-factor authentication as an additional layer of security. The incident highlights ongoing vulnerabilities in cloud security, as previous breaches involving exposed servers have garnered attention in recent months. Notable cases include unauthorized access to personal information of Ecuadorian citizens, Russian residents, and US government personnel, underscoring the persistent risks associated with cloud data management.
The tactics and techniques potentially involved in this breach may be mapped to the MITRE ATT&CK framework. Adversaries would likely have relied on initial access techniques, taking advantage of the database's lack of authentication. Persistence may have been achieved through the database remaining reachable on widely used cloud infrastructure, while privilege escalation could have been attempted while exploring the data environment.
The incident serves as a stark reminder for business owners about the critical importance of robust cybersecurity measures. With increasing reliance on cloud technology, organizations must continually evaluate their data protection strategies to mitigate risks associated with emerging threats in the digital landscape.