Mysterious database exposed over 80 million records on US households

Cal Jeffrey

WTF?! Companies leaving customer data exposed on the internet is unfortunately not that uncommon these days. However, it is usually easy for the good Samaritans that discover these breaches to track down the company responsible so that they can stop the leak — until now.

Security website vpnMentor says researchers were baffled when they discovered an exposed database containing the records of over 80 million households on a Microsoft server. That is nearly 65 percent of the homes in the US. What made it baffling was that it did not have a clear owner.

Hacktivists Noam Rotem and Ran Locar made the discovery and said that the records were completely unprotected. The 24GB database includes full names, addresses, the number of people living in the household, marital status, income bracket, age, gender, dwelling type, and homeowner status.

The only clue as to whom it may belong is that the “member_code” and “score” fields seem to indicate it is for some service, but other than that it’s anyone’s guess.

"Help us solve the riddle. The 80 million families listed here deserve privacy, and we need your help to protect it."

The database is relatively recent. Rotem told CNET the server first went online in February. So the records have only been exposed for a few months at most. However, that does not lessen the seriousness of the data leak.

“I wouldn't like my data to be exposed like this,” Rotem said. “It should not be there.”

The researchers explain that there is enough information there to be concerned about identity theft, phishing scams, and even home invasion.

Microsoft is aware of the unsecured database but has declined to comment. It is unclear if the software giant has contacted the owner of the records, but that would be the responsible thing to do.

The researchers are not relying on Microsoft to take action, though, and are hoping the public can help them identify the owner. They ask that anyone who may recognize this information contact vpnMentor.


 
IMO, something like this really should be totally against M$' terms of service. If it is not, there is something clearly wrong, IMO.
 
I've seen such questionnaires throughout the late 90s+ from a wide variety of places. Never give your real name\address over the web unless you absolutely have to. Even those discount Frys\Walgreens\CVS cards ask similar info. Don't enter your real info. Those discount cards will still work. Never sign up for a lotto tv giveaway at a hotel or casino that says we will call the winner etc.... You will be plagued by time share offers at the very least. Even schools sell student\parent information. Ever wonder why Gillette sent you a free razor when you turned 18?
 
The hosting server has an IP.
NSLOOKUP will give the domain name of the hosting service.
 
IMO, something like this really should be totally against M$' terms of service. If it is not, there is something clearly wrong, IMO.

One Drive is an insta-delete for me.

Clearly MS are going through people's files again, and whilst I am happy they caught one pedo, they still had / have no business going through anyone's docs / files.

Cloud storage is for people with their head in the clouds.

I refuse to believe MS had no knowledge of this database, whoever revealed it.
 
Sounds like a database owned by a credit agency...calling it "mysterious" to hide the fact that that will likely cause stern regulation of that industry as it should have been. Plus, how hard can it be to figure out who had access to the server?
 
A database hosted by Microsoft and it's unclear to whom it belongs? Wow. Sounds like a job for Sherlock Holmes.
 