The data from 123 million US households has been exposed, security researchers from UpGuard recently announced. On October 6, the company’s Cyber Risk Team discovered an unlocked database on an Amazon Web Services (AWS) S3 cloud storage bucket containing private data.
The bucket was found at the subtomain “alteryxdownload”, and belogs to Alterxy partners, consumer credit reporting agency Experian, and the US Census Bureau.
According to this UpGuard blog (opens in new tab), the researchers found a data file titled “ConsumerView_10_2013”, which weighs heavy – 36GB, to be exact. It had 123 million rows, each representing a different household in the States. The researchers are claiming this file exposes more than 3.5 billion fields of personally identifiable data, as well as data points on, basically, everyone in the country.
The amount of detail presented in the file is staggering, not only does it offer things like home address or contact information, but also mortgage and financial status, purchase behaviours, travel habits, and many more.
Usually, S3 buckets have a default security setting which allows only authorised access to content. UpGuard says that for this bucket, it was configured to allow any AWS ‘Authenticated User’ to download the data. And that’s basically anyone with an AWS account.
"Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket's contents," UpGuard wrote in its report.
Image source: Shutterstock/alexskopje