Connect with us

Hacker News

Huge Unprotected Online Database Exposes 114 Million US Citizens and Companies

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Huge Unprotected Online Database Exposes 114 Million US Citizens and Companies

Published

4 years ago

on

Huge-Unprotected-Online-Database-Exposes-114-Million-US-Citizens-and-Companies

Today it was revealed that a huge database containing over 114 million records of US citizens and companies has been sitting online unprotected, exposing private data. The database was discovered by HackenProof, a penetration testing company based in Estonia. They found the data sitting in the Shodan search engine in two Elasticsearch indices. Elasticsearch is a search engine based on the Lucene library (a free and open-source information retrieval software library.)

On one search they managed to find personal information for 56,934,021 US citizens. This information included private or sensitive information like a person’s full name, job title, employer, email address, phone number, IP address, and street address and ZIP code. HackenProof released a fact sheet about the find, which stated that almost 83 million people were affected.

This exposure is particularly worrying, especially if it got into the hands of scammers. Scammers could use the information to conduct targeted spear phishing scams or cold calling individuals and building trust with the details they have.

It has not been confirmed who the owner of the data is, although it is thought that it comes from Data & Leads Inc. Data & Leads are a 10-year-old data management company based in Toronto, Canada. Data & Leads haven’t responded to questions about the incident, however, their website did go offline for a short period, and the database is no longer available.

The information was made available because of a misconfiguration in the Elasticsearch instances that allowed access without authentication. Often when an attacker stumbles across something like this, they will delete records from the database and ask for money in return for returning it. However, many people have found that if they pay the money, the records will not return since the attacker hasn’t made a copy of them.

It is not known how long the data was exposed for, and if attackers have already used it in scams against US citizens and companies.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *