WTF?! Companies leaving customer data exposed on the internet is unfortunately not that uncommon these days. However, it is usually easy for the good Samaritans that discover these breaches to track down the company responsible so that they can stop the leak — until now.
Security website vpnMentor says, researchers were baffled when they discovered an exposed database containing the records of over 80 million households on a Microsoft server. That is nearly 65 percent of the homes in the US. What made it baffling was that it did not have a clear owner.
Hacktivists Noam Rotem and Ran Locar made the discovery and said that the records were completely unprotected. The 24GB database includes full names, addresses, the number of people living in the household, marital status, income bracket, age, gender, dwelling type, and homeowner status.
The only clue as to whom it may belong to is that “member_code” and “score” fields seem to indicate it is for some service, but other than that it’s anyone’s guess.
“Help us solve the riddle. The 80 million families listed here deserve privacy, and we need your help to protect it.”
The database is relatively recent. Rotem told CNET the server first went online in February. So the records have only been exposed for a few months at most. However, that does not lessen the seriousness of the data leak.
“I wouldn’t like my data to be exposed like this,” Rotem said. “It should not be there.”
Microsoft is aware of the unsecured database but has declined to comment. It is unclear if the software giant has contacted the owner of the records, but that would be the responsible thing to do.
The researchers are not relying on Microsoft to take action though and are hoping the public can help them identify the owner. They ask that anyone that may recognize this information to contact vpnMentor.