Highly Sensitive Data of 200 Million Properties in the USA Leaks Online

• 200 million properties and their owners in the United States have been exposed by an unprotected database.
• The database stayed online and accessible by anyone with a browser for over a month, but the owner remains unknown.
• The data that was exposed ranges from generic demographic information down to personal hobbies and interests.

Bob Diachenko and a team of researchers from Comparitech have discovered a humongous database containing very revealing information related to 200 million properties across the United States. The discovery was made on January 27, 2020, while BinaryEdge indexed the database a day before. Failing to figure out who owns the database, the team couldn’t notify anyone, so they alerted Google instead, which was found to be hosting the leaking cloud server. More than a month later, on March 4, 2020, the database was finally taken offline.

The data that was leaking for at least a full month includes the following information:

Owner Details:

• Name
• Address
• Email address
• Age
• Gender
• Ethnicity
• Employment
• Credit rating
• Investment preferences
• Income
• Net worth

Property Details:

• Market value
• Property type
• Mortgage amount, rate, type, and lender
• Refinance amount, rate, type, and lender
• Previous owners
• Year built
• Number of beds and bathrooms
• Tax assessment info

The database even contained details like whether or not the resident smokes, has a credit card, has pets, plays golf, travels, donates to charity, uses bike-sharing services, has called the local fire department, and more. As it becomes easily understood, the consequences of having all of the above exposed are grave - as spammers, scammers, and phishing actors couldn’t have asked for anything else really.

The extent of the exposure is great, as we’re very probably talking about the entirety of the residential properties in the United States. Not knowing who is responsible for this blunder is a big problem, as the consequences of the database owner’s irresponsibility and negligence will burden the exposed individuals once again. No fines will be paid, no identity and fraud protection services will be offered, and no one will have to revisit their practices and ensure that this won’t happen again.

In the last couple of months, we have seen many cases of massive databases containing demographic information appearing online without any protection. In February, 120 million households were exposed by the “Tetrad” market analyst firm. In November 2019, 1.2 billion people had their personal data exposed by the "OxyData" data aggregation company. It looks like these “uber-leaks” are happening more often now, as an increasing number of entities get involved in the exploding field of data enrichment and analytics. In this situation, users have completely lost the control of their data, knowing nothing about who holds their information and in what context or basis it is shared with others.