- A database likely belonging to spammers has exposed a very rich set of data on 35 million Americans.
- Most of the scraped data concerns residents of Chicago, Los Angeles, and San Diego.
- The data was collected by a marketing company over the past decade and it’s as recent as May 2021.
An unknown entity that holds a marketing database that has been left open to access by anyone with a web browser and a valid URL has irreversibly exposed the personal details of about 35 million Americans, residents of Chicago, Los Angeles, and San Diego. The exposed database was discovered by researcher B. Diachenko on June 26, 2021, but since the owner was impossible to discern, there have been no contacting attempts to anyone. By July 27, 2021, the data remained exposed and accessible without requiring a password, but today, Amazon eventually took it down.
The types of data contained in the exposed set include the following:
- Full name
- Email address
- Phone number
- Birth Date
- Home address
- Marital status
- Demographic information
The implications of having an above fall into the wrong hands would be having to deal with scamming attempts, phishing attacks, high-level social engineering, spam, and more. In the demographic data set, there are details like personal interests, estimated income, net worth, media consumption preferences, pet ownership, property information (value, pool existence, purchase date), lifestyle information, purchasing habits, affiliations, etc. Each person’s entry contains 268 fields of information, so this is a pretty rich set of data.
The data was collected between 2010 and May 2021, so there are some very recent entries. Because of the complete absence of any ownership details, Diachenko has made the assumption that this could be the result of a scraping incident from a marketing company, with the actors then storing the data on a misconfigured server for spamming purposes. The fact that the host had its time zone set to Kolkata, India, further backs this hypothesis.
If you live in Chicago, Los Angeles, or San Diego, you should remain vigilant against email, SMS, phone calls, or even post mail communications that may attempt to trick you. Considering how much information the scammers hold on you, it would be fairly easy to convince you of anything. Also, don’t forget to report any attempts of this kind to the police, which could save others from getting scammed.
Unfortunately, these incidents are so frequent that even keeping up with what has been leaked is challenging for everyone. The general advice is to treat all incoming emails with suspicion, and whenever you’re met with the urgency, you should treat it as a giant red flag.