In another example of massive user privacy violations, researchers found that the independent addresses and demographic data of more than 80 million US households were placed in an unsecured cloud-based database.
These figures include names, age and gender, as well as income levels and marital status. Researchers, led by Noam Rotem, were unable to identify the database owner who is still online and do not require a password to access. Some of this information is codified, such as gender, marital status, and income level. Names, ages and addresses are not encoded.
The data do not include payment data or social security numbers. According to the Statist, 80 million affected households represent more than half of the United States households.
"I wouldn't want my data to be exposed," Rotem said in an interview with CNET. "[Esa información] I shouldn't be there. "
Rotem and his team have verified the accuracy of some cached data, but have not downloaded the data to minimize the privacy of those on the list.
This is another example of a widespread cloud storage problem that has revolutionized how valuable information is stored. Many organizations do not have the experience of protecting the data they store on servers connected to the Internet, resulting in repeated exposure to confidential data. At the beginning of April, the investigator found that information on patients from drug treatment centers was exposed to a dangerous database. Another researcherthird-party companies in another database that was publicly visible.
Unlike hack it is not necessary to enter the computer system to access the database that was left exposed. Just find the IP address, numeric code assigned to any webpage. However, there is no indication that cyber criminals have access to information in this particular database.
For the investigation, Rotem has become a partner of the Israeli company VPNmentor, which analyzes data protection productsand receive commissions when readers choose one they love. On a blog posted on Monday, the company called on the public to help identify who can own the data to be protected.
"The 80 million families listed here deserve privacy," the company said in its blog.
Rotem found that the data is stored in the Microsoft cloud service. Data security depends on the organization that created the database and not on Microsoft. "We announced the database owner and took the necessary steps to help the customer remove this data until they are properly insured," Microsoft's CNET spokesman said on Monday.
The server that hosted the data, according to Rotem, was uploaded to the web in June and discovered it in April with the tools he developed to search and catalog dangerous databases. In January, he also found a security bug in the widely used airline booking system, called Amadeus, which allowed the attacker to view and edit airline reservations.
The demographic information memory contains data on adults aged 40 and over. Many of the people on the list are elderly people who, according to Rotem, could jeopardize the fraudsters tempted to use this information to cheat them.
Editor's Note: This article was updated on April 29 at 12:16 pm. US Pacific Time to Add Comment from Microsoft and Learn About Cyber Security Research Team. The article has also been updated to reflect that the database has already been removed from the site.