SAN JOSE, Calif. (KTVU) - In a data breach that could impact hundreds of millions of US citizens, security researchers have uncovered a mysterious database with personal information of around 80 million American households lying exposed on a Microsoft cloud server.
The discovery was reported Monday by Ran Locar and Noam Rotem, security researchers at vpnMentor, a website that reviews VPN services and web privacy tools.
The 24 GB database includes full names, home addresses, latitude and longitude, age, date of birth, gender, marital status, income, homeowner status, and dwelling type. While data breaches are growing increasingly common these days, this discovery is particularly unusual as nobody knows who the data belongs to. All the database entries are of users aged over 40, the researchers say.
The data could be used to do identity theft, phishing and ransomware attacks, the researchers say. The data presents real world dangers as well – as attackers could pull up social media profiles of users to figure out if they are away from home.
“The thief not only knows where you live, they also now know that you’re far away from home so the house is probably empty. They can also see your income, so can approximate the value of your home contents. You just became a prime target for attack,” the report states.
The researchers say that this database likely belongs to some kind of service – like an insurance, healthcare, or mortgage company. VpnMentor is calling on the public to help identify the database and close the leak, which they say is a goldmine for identity thieves and other attackers.