Security experts have discovered an online, unprotected database that stores the personal data of 80 million American households. Not only does the data on the 24 GB database include people’s full names, street addresses, marital statuses, dates of birth, income brackets, home ownership statuses and more, but the researchers don’t know who the database belongs to, since it was hosted on a cloud server.
Ran Locar and Noam Rotem of vpnMentor discovered the database, adding that they believe it is the first time a breach of this size has included such detailed information.
“This open database is a gold mine for identity thieves and other attackers,” they said, according to Fortune.
While 80 million households are included in the database, the number could impact hundreds of millions of individuals. Everyone in the database is over the age of 40. In addition to identity theft, the data could be used to target older and more vulnerable people for phishing and scam attempts. Since real locations and income levels have been exposed, the information could also be used by real-world thieves.
In the meantime, vpnMentor is asking for help in identifying who might own the database so it can be notified about the issue.
This is just the latest instance of a data leak. Last month, close to 1 billion email accounts were leaked by a marketing company in what some researchers called the “biggest and most comprehensive email database” breach ever. The personal information from 982 million email accounts included names, gender, dates of birth, employers and even home addresses.
The online database was created by a company called Verifications.io, which reportedly had no security measures in place. The company offered an “enterprise email validation” service for marketing companies to check whether email addresses were valid or not.