Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Unsecured Database Exposes Personal Data of 35M U.S. Citizens
#1
https://news.softpedia.com/news/unsecure...3651.shtml        Unsecured Database Exposes Personal Data of 35M U.S. Citizens
Comparitech stumbles upon public database with personal data
Aug 3, 2021 17:41 GMT  ·  By George Dascalu  ·               
Huge Database Exposing Personal Information
Elasticsearch's database was improperly configured and left unsecured, with no authentication whatsoever, making it easily accessible by a threat actor who just had to enter a valid URL in a browser, according to Hack Read. 

Comparitech's report revealed information about an unsecured marketing database that exposed personal data of 35 million U.S. citizens in Los Angeles, San Diego, and Chicago. The database's ownership is unknown at this time. The report points out that the information was gathered over a period of 11 years, from the beginning of 2010 and May this year.

The Elasticsearch database was not password-protected, making it available to anyone who had a web browser and wanted to look up the information. Bob Diachenko, the Head of Security Research at Comparitech, found the database on June 26, 2021. Diachenko feels that the database could be a marketing firm's attempt to scrape a larger database, and the company made a faulty configuration of the server.

The fact that the time zone was set to Kolkata indicates that the database's source is most likely located in India. Also concerning is that the database was kept vulnerable for nearly a month, making it a sitting duck for cybercriminals.

Amazon stepped in and blocked public access to the leaking database
Amazon's AWS had to shut it down and secure it on July 27, 2021 to contain the leak. Nevertheless, a variety of personal data was made public, including contact information, residence addresses, marital status, email addresses, date of birth, ethnicity, and full names.

It even contained useful information that might be exploited by threat actors, such as shopping habits, assets, media preferences, hobbies and interests, pet ownership details, estimated income, and net worth, amongst other things. For each of the entries, there were 268 different fields of information stored. All this valuable personal information can be used by hackers for fraud and spam campaigns and phishing attempts, among other things.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Over 60 million wearable, fitness tracking records exposed via unsecured database mrtrout 0 555 09-15-2021 , 03:24 AM
Last Post: mrtrout
  533 million Facebook users' phone numbers and personal data have been leaked online SALAMA Youssef 0 1,343 04-04-2021 , 09:47 PM
Last Post: SALAMA Youssef
  Data of 6.5 million Israeli citizens leaks online mrtrout 0 884 03-25-2021 , 07:01 AM
Last Post: mrtrout
  Data breach exposes information of more than 200,000 MultiCare staff, patients Bjyda 0 1,085 03-13-2021 , 12:07 AM
Last Post: Bjyda
  Telemarketing Biz Exposes 114,000 in Cloud Config Error Bjyda 0 1,046 03-03-2021 , 11:33 PM
Last Post: Bjyda

Forum Jump:


Users browsing this thread: 1 Guest(s)