The database contains the personal details of 56.25 million US residents. The details are very sensitive and include names, home addresses, phone numbers, and ages, The Register reported.
Where does the information come from?
Researchers say that it belongs to CheckPeople.com, a company based in Florida, USA. CheckPeople.com is a typical website for finding people for a fee. Any user who pays the fee can enter a person’s name and look up that person’s current and past address, phone number, email address, and in some cases, even criminal records. Other details can also be revealed through a people-finder website such as this one.
This abundance of highly sensitive personal information can be easily exploited by cyber crooks, as it can be downloaded in bulk. The most bizarre thing, however, is that the database is being served from an IP address connected to Alibaba’s web hosting wing in Hangzhou, China. This means that the information is “in the hands of foreign adversaries,” as The Register puts it.
The 22GB database was discovered by Lynx, a white-hat hacker
Lynx, a white-hat, stumbled upon the database online and got in touch with The Register. He told the media that he discovered a 22GB database exposed on the internet. The information includes metadata linking to CheckPeople.com. “We have withheld further details of the security blunder for privacy protection reasons,” The Register explained.
It appears that the contents are scraped from public records, and when they are put together, they can provide detailed profiles on millions of US citizens.
“In and of itself, the data is harmless, it’s public data, but bundled like this I think it could actually be worth a lot to some people,” Lynx told the media in a conversation. What is troubling, however, is that the information can be combined with other datasets.
The media tried multiple times to reach CheckPeople.com to alert them about the data leak. So far, there hasn’t been an answer. The white-hat hacker has been unable to reach the service as well.
“We have also pinged Alibaba to alert it to the exposed database, should it care about Americans’ privacy,” The Register said.
In November last year, an ElasticSearch server was discovered exposing “an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.” This server was accessible without authentication, which exposed the data of more than 1.2 billion unique individuals. This made the data breach one of the largest data leaks from a single source so far.