Data 57 million Americans were in open access
Personal data of millions of US citizens for two weeks were stored on an unprotected server.
Personal data of about 57 million Americans for the spirit of the weeks were in the public domain on an unprotected ElasticSearch server. The problem was discovered by security researcher Bob Dyachenko during a planned audit of unprotected servers indexed by the Shodan search engine.
More than 73 GB of information was stored on the server, and some databases were cached in server memory. In one of the databases, Dyachenko found 56,934,021 records with personal data of US citizens. In most cases, the records contained full names, email addresses, home addresses with postal code, phone numbers and IP addresses.
The researcher also found another cached database called Yellow Pages on the server, containing an additional 25,917,820 records with corporate data (company names, NAICS and SIC codes, as well as information on the number of employees, income, etc.)
Dyachenko discovered the problem server on November 20, but it was indexed by the search engine Shodan since November 14. Who is the owner of the server is unknown. However, judging by its content, the researcher suggested that the data may have a direct or indirect connection with the Canadian company Data & Leads. The company ignored the appeal of the researcher, but later the server was turned off.