1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Mysterious database exposed over 80 million records on US households

By Cal Jeffrey · 10 replies
Apr 29, 2019
Post New Reply
  1. Security website vpnMentor says, researchers were baffled when they discovered an exposed database containing the records of over 80 million households on a Microsoft server. That is nearly 65 percent of the homes in the US. What made it baffling was that it did not have a clear owner.

    Hacktivists Noam Rotem and Ran Locar made the discovery and said that the records were completely unprotected. The 24GB database includes full names, addresses, the number of people living in the household, marital status, income bracket, age, gender, dwelling type, and homeowner status.

    The only clue as to whom it may belong to is that “member_code” and “score” fields seem to indicate it is for some service, but other than that it’s anyone’s guess.

    "Help us solve the riddle. The 80 million families listed here deserve privacy, and we need your help to protect it."

    The database is relatively recent. Rotem told CNET the server first went online in February. So the records have only been exposed for a few months at most. However, that does not lessen the seriousness of the data leak.

    “I wouldn't like my data to be exposed like this,” Rotem said. “It should not be there.”

    The researchers explain that there is enough information there to be concerned about identity theft, phishing scams, and even home invasion.

    Microsoft is aware of the unsecured database but has declined to comment. It is unclear if the software giant has contacted the owner of the records, but that would be the responsible thing to do.

    The researchers are not relying on Microsoft to take action though and are hoping the public can help them identify the owner. They ask that anyone that may recognize this information to contact vpnMentor.

    Permalink to story.

  2. ckm88

    ckm88 TS Addict Posts: 187   +135

    So, what's new here?
    Impudicus likes this.
  3. OutlawCecil

    OutlawCecil TS Evangelist Posts: 711   +516

    We're lacking privacy in 2019? really?
    Clamyboy74, Knot Schure and Impudicus like this.
  4. wiyosaya

    wiyosaya TS Evangelist Posts: 4,189   +2,475

    IMO, something like this really should be totally against M$' terms of service. If it is not, there is something clearly wrong, IMO.
    Knot Schure likes this.
  5. Uncle Al

    Uncle Al TS Evangelist Posts: 5,667   +4,020

    Microsoft not cooperating? Who'd a thunk it!
  6. treetops

    treetops TS Evangelist Posts: 2,640   +606

    Iv seen such questionnaires throughout the late 90s+ from a wide variety of places. Never give your real name\address over the web unless you have absolutely have too. Even those discount Frys\Walgreens\CVS cards ask similiar info. Don't enter your real info. Those discount cards will still work. Never sign up for a lotto tv giveaway at a hotel or casino that says we will call the winner etc.... You will be plagued by time share offers at the very least. Even schools sell student\parent information. Ever wonder why Gillette sent you a free razor when you turned 18?
    psycros likes this.
  7. jobeard

    jobeard TS Ambassador Posts: 13,106   +1,588

    The hosting server has an IP.
    NSLOOKUP will give the domain name of the hosting service.
  8. psycros

    psycros TS Evangelist Posts: 2,821   +2,665

    Another person who only read the headline, I see.
  9. Knot Schure

    Knot Schure TS Addict Posts: 286   +122

    One Drive is an insta-delete for me.

    Clearly MS are going through people's files again, and whilst I am happy they caught one pedo, they still had / have no business going through anyone's docs / files.

    Cloud storage is for people with their head in the clouds.

    I refuse to believe MS had no knowledge of this database, whoever revealed it.
  10. roberthi

    roberthi TS Addict Posts: 414   +127

    Sounds like a database owned by a credit agency...calling it "mysterious" to hide the fact that that will likely cause stern regulation of that industry as it should have been. Plus, how hard can it be to figure out who had access to the server?
    Last edited: Apr 30, 2019
    TempleOrion likes this.
  11. Markoni35

    Markoni35 TS Addict Posts: 310   +130

    A database hosted by Microsoft and it's unclear to whom it belongs? Wow. Sounds like a job for Sherlock Holmes.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...