Personal data of 1.2 billion people found on unsecured Google Cloud server
#1
A massive four-terabyte trove of sensitive personal data belonging to over a billion profiles has been found on an unsecured Google Cloud server - its owner still a mystery - in one of the largest single-source data leaks ever.

The mountain of data, including phone numbers, email addresses, and social media profiles, was sitting unprotected on an anonymous server hosted on the Google Cloud when security researchers Vinny Troia and Bob Diachenko found it while scanning for vulnerabilities last month.

After they reported the massive exposure to the FBI, it disappeared within hours.

It’s not clear who accessed it before Troia and Diachenko, and what they did with the data, but the sheer enormity of the leak, with 1.2 billion unique data profiles potentially slurped up by malicious actors, is enough to cause alarm.

The information was likely obtained in four chunks from so-called “data enrichment” companies, Troia suggested in a blog post on Friday announcing his discovery. These entities allow a customer to use a single piece of information on a person, even just their name, to access potentially hundreds more data points - anything from email address to preferred social activities. Two data enrichers - People Data Labs and OxyData.io - were discovered to be the sources for the data on the rogue server.

However, after communicating with both companies, Troia was satisfied that the server did not belong to either. Its owner could have bought the data from them and just left it lying around unsecured - without any further information about the server’s owner, there was little that could legally be done.

That doesn’t solve the problems of the 1.2 billion people whose private information is now floating around in the ether. Data enrichers pass the responsibility for securing the data they sell onto the customers as soon as the transaction is completed. If that customer’s security lapses, no one is responsible for telling the person whose data is now being pilfered by who knows how many malicious actors that their information is no longer protected.



https://www.rt.com/news/474137-breach-bi...ata-cloud/
#2
As I see it: the problem is not the possible improper use of those databases, but their existence.
#3
I just find it funny how it would be described as a 'massive' 4TB volume of data.  That doesn't sound all that big to me really, I usually deal with much bigger sizes of data than that.  Sounds tiny really considering it contained so many different people's data...
#4
4 TB ~ 4000 billion bytes / 1.2 billion unique accounts = about 3333 bytes per account;
It isn't a complete dossier, but enough to do harm.
#5
There was around a 100Gb of such data dumped on TPB a while back.

The problem, as mentioned, is that people are collecting and selling this info. Which means that the buyers and hackers have free rein to do what they want with it.

Being deleted a few hours after discovery clearly shows it was a korporate thing, or else how would a typical hacker know???

Undetectable owner? Somebody paid for it. If in crypto then it was meant to hide ownership. And yet korporate?