While cloud service providers like Google Cloud hosts their customers' data, it's still the responsibility of the customers to protect their own data.
And here, a mysterious database hosted in Google cloud was left unsecured and reportedly exposed the personal information of more than 200 million U.S. citizens.
Fortunately, all of the 800GB data present on the database was removed by an "unidentified party" on March 3.
While the entire database has been wiped, CyberNews that reported the incident, said that it isn't clear whether or not "malicious actors" have gained access to it before the wipe.
This is because the database was hosted on a publicly accessible server, and had been leaking data for an unknown period of time. What this means, anyone can simply see and have access to it if they know where to look.
"The data exposed by the unidentified party is a virtual gold mine for anyone with a penchant for cybercrime," CyberNews noted.
On its report, CyberNews said that the records contained, among other things:
- Full names and titles of the exposed individuals.
- Email addresses.
- Phone numbers.
- Dates of birth.
- Credit ratings.
- Home and mortgaged real estate addresses, including their exact locations.
- Demographics, including numbers of children and their genders.
- Detailed mortgage and tax records.
- Detailed data profiles, including information about the individuals’ personal interests, investments, as well as political, charitable, and religious donations.
CyberNews said that much of the data on the main folder might have originated from the United States Census Bureau. The database however, also contained two additional folders that were seemingly unrelated to the mass of personal records the firm found in the main folder.
These folders included emergency call logs of a U.S. fire department, some of the 74 bike share stations that used to belong to Lyft's bike share program.
After having spent several weeks looking for the owners of this unprotected database, CyberNews did not manage to discover who it belonged to before the unidentified party erased all the records.
This unidentified party only left what appeared to be a link to a website with a dancing pirate urging visitors to fix their vulnerability.
"In the best case scenario, the mysterious party was an ethical hacker who simply deleted the data because they couldn’t identify the owner. In the worst case scenario, however, the data has been copied and will be used by cybercriminals to its full destructive potential. Hopefully, it’s the former," closed CyberNews
In the best case scenario, the mysterious party was an ethical hacker who simply deleted the data because they couldn’t identify the owner. In the worst case scenario, however, the data has been copied and will be used by cybercriminals to its full destructive potential. Hopefully, it’s the former.