Connect with us

Hi, what are you looking for?

Tech & Science

Over 63 million U.S. Citizens exposed in huge data leak

Data from members of the government and police are included, making this leak particularly lucrative for hackers if they are supported by a foreign rogue government.

Representation of data at the Design Museum. By Tim Sandle
Representation of data at the Design Museum. By Tim Sandle

Security researchers at vpnMentor have issued a report revealing that business-to-business marketing company OneMoreLead was leaking the private data of up to 126 million U.S. citizens on a misconfigured ElasticSearch server.

OneMoreLead is a new company, offering corporate clients access to over 40 million business leads for their company, along with a host of related services and software tools.

The report indicates, as noted by Forbes, that 34GB of private and highly sensitive personally identifiable data including home address and phone number, email, home device IP address, work email and employer was listed, placing not just citizens at risk but also their employers considering many are still working remotely.

Data from members of the government and police are included, making this leak particularly lucrative for hackers if they are supported by a foreign rogue government.

Furthermore, the report notes that the information could be used to build effective phishing campaigns, posing as a person’s employer, the government, and other trusted organizations to trick targets into any of the following:

  • Sharing additional data that could be used for identity theft and financial fraud (i.e., social security numbers, tax records).
  • Providing credit card information or details about bank accounts.
  • Clicking a link embedded with malicious software, such as ransomware, spyware, or

another form of virus.

vpnMentor researcher Noam Rotem explains to Digital Journal how this issue has come about: “By not securing this database, OneMoreLead exposed over 100 million American’s detailed personal information which could easily have been used to pursue financial fraud, identify theft or effective phishing campaigns.”

He warns: “Given the huge number of people exposed, cybercriminals would only need to successfully defraud or attack a tiny portion to be successful.”

There are other factors of concern too, says Rotem: “Added to which, it was not just individuals that were put at risk but also their employers as the type of information leaked meant there was a strong chance of business email compromise risk”

The issue does not stop with the private sector, notes Rotem: “Simultaneously, some government email addresses were found in the database. This can also be a gold-mine for criminal hackers who could use this data to infiltrate otherwise secure, high-level government agencies, resulting in major national security breaches.”

The current issue of concern is unlikely to be a rare event, Rotem  explains: “Unfortunately, leaks of this nature are becoming more common. However, any leak like this could be easily avoided with some basic security measures taken including, securing servers, implementing proper access rule, and never leaving a system that doesn’t require authentication open to the Internet.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Entertainment

Rapper Nicki Minaj caused an uproar this week when she tweeted to her 22.6 million followers.

World

Bulgarian-born Christo had dreamt of wrapping the war memorial since living nearby in the 1960s - Copyright AFP/File Lillian SUWANRUMPHAEric RANDOLPHPresident Emmanuel Macron was...

Life

For children and parents schools have a fair amount of trepidation and stress. Here is some advice.

World

Cuban President Miguel Diaz-Canel (L) and Mexican President Andres Manuel Lopez Obrador attend a ceremony marking Mexico's independence, in Mexico City on September 16,...