Skip to main content

Details of 123 million US citizens exposed

(Image credit: Image source: Shutterstock/alexskopje)

The data from 123 million US households has been exposed, security researchers from UpGuard recently announced. On October 6, the company’s Cyber Risk Team discovered an unlocked database on an Amazon Web Services (AWS) S3 cloud storage bucket containing private data.

The bucket was found at the subtomain “alteryxdownload”, and belogs to Alterxy partners, consumer credit reporting agency Experian, and the US Census Bureau.

According to this UpGuard blog (opens in new tab), the researchers found a data file titled “ConsumerView_10_2013”, which weighs heavy – 36GB, to be exact. It had 123 million rows, each representing a different household in the States. The researchers are claiming this file exposes more than 3.5 billion fields of personally identifiable data, as well as data points on, basically, everyone in the country.

The amount of detail presented in the file is staggering, not only does it offer things like home address or contact information, but also mortgage and financial status, purchase behaviours, travel habits, and many more.

Usually, S3 buckets have a default security setting which allows only authorised access to content. UpGuard says that for this bucket, it was configured to allow any AWS ‘Authenticated User’ to download the data. And that’s basically anyone with an AWS account.

"Simply put, one dummy sign-up for an AWS account, using a freshly created email address, is all that was necessary to gain access to this bucket's contents," UpGuard wrote in its report.

Image source: Shutterstock/alexskopje

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.