Independent security researchers have found that the demographic details and addresses of more than 80 million US households were left exposed on an unsecured cloud database.
The research team, composed of Noam Rotem, Ran Locar and others, were unable to find the identity of the database owner.
They did manage to find that the details included names, ages, genders, income levels and marital status. The data didn’t include payment information or Social Security numbers.
Some of the information — gender, marital status and income level — were coded. Meanwhile, names, ages and addresses were left uncoded.
Until Monday, the online cloud database required no password to access.
The 80 million households impacted make up over half of all households in the US.
As Rotem noted in an interview, “I wouldn’t like my data to be exposed like this. It should not be there.”
While Rotem’s team found that the data was stored in a Microsoft-owned cloud service, securing the data is up to the organization that created the database in the first place, not Microsoft.
As a Microsoft spokesperson said in a statement, “We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured.”
The privacy breach highlights a major flaw of current cloud data storage.
Put simply, many organizations don’t have the expertise to secure the data they keep on internet-connected servers. This lapse creates opportunities for exposure of sensitive data.
Recent researchers have also found that patient information from drug treatment centers was exposed in a database; another researcher found a publicly visible database for Facebook user data stored by third-party companies.
Finding a database doesn’t involve hacking. You just need the IP address and numerical code assigned to the web page.