- A researcher has discovered a large trove of data containing the personal information of US citizens.
- The data belongs to an American data collector but was hosted on systems that are based in China.
- The information was sourced from various online platforms, and hackers would love its new bundled form.
A researcher who goes by the Twitter username “Lynx” has discovered a database that contains the personal data of about 56.25 million US citizens. The 22 GB of data is hosted on a computer with a Chinese IP address, and the entity that seems to own it is “CheckPeople.com”, a Florida-based firm that offers a people search service. You simply enter a name on the platform and the service checks it against its vast database. It seems, though, that the company wasn’t very careful about where it hosts its data silos.
Hey @checkpeople you might wanna check your emails.
— Lynx (@Lynx0x00) January 8, 2020
The discovered database was unprotected and accessible by anyone online, which is the main gaffe here. The second blooper is that the company has been exposed for hosting people’s data on Chinese servers, which makes this data accessible to the Chinese authorities under local laws. That said, there’s a grave issue of personal data protection here. The data found in the 56.25 million entries includes information that is already publicly available, so CheckPeople merely aggregated it. However, bundling scattered fragments into neat packs creates an amazing resource for hackers.
The fact that CheckPeople just dropped this data online and left it unprotected and accessible by anyone is indicative of the reckless way in which companies treat people’s sensitive details. The owners of this data have never given their consent to have it bundled together, shared with numerous other entities, and eventually exposed to shady channels and platforms. To make its image even worse, the data broker has failed to answer Lynx’s emails or to respond to the repeated attempts of The Register to reach it. After a few days, though, the database was taken offline without any official notice.
CheckPeople’s blunder is just one case, and it was exposed to the public only because the company didn’t bother to secure its database properly. There are numerous other data brokers that host our personal data on Chinese servers, but we never get to know about it. This means that Beijing’s access to the personal data of virtually all of us should be taken for granted. The only thing that we can do is use fake online personas, which is impossible for the majority of people out there for a wide variety of reasons. The solution to this problem would be the introduction of strict laws that govern the collection, management, and reuse of publicly available data, which would bring a heavy punishment upon CheckPeople in this case.