A mystery database hosted on Google Cloud apparently leaked personal info on 200 million Americans

Leaked Records (Image credit: Pixabay)

What you need to know

  • An unsecured database reportedly exposed the personal information of more than 200 million Americans.
  • The records in the database contained details such as full names, email addresses, credit ratings, and detailed mortgage and tax records of the individuals.
  • Fortunately, all the data present on the database was wiped by an "unidentified party" on March 3.

According to a report from CyberNews, an unsecured database hosted on the Google Cloud service had exposed the personal information of over 200 million users from the U.S. The database was owned by an unidentified party and had nearly 800GB of personal user information.

Leaked Records Example (Image credit: CyberNews)

While the entire database was wiped on March 3, CyberNews says it isn't clear if any malicious actors or unintended parties gained access to it before the wipe. Since the database was hosted on a publicly accessible server, however, it would have been fairly easy for anyone to access the data, as long as they knew where to look.

The main folder in the database reportedly contained the following information about the exposed individuals:

  • Email addresses
  • Full names and titles
  • Phone numbers
  • Dates of birth
  • Credit ratings
  • Home and mortgaged real estate addresses, including their exact locations
  • Demographics, including numbers of children and their genders
  • Detailed mortgage and tax records
  • Detailed data profiles, including information about the individuals' personal interests, investments, as well as political, charitable, and religious donations

CyberNews is speculating that the majority of the data in the main folder may have come from the United States Census Bureau and possibly belonged to a data marketing firm or a credit company. Along with the main folder, the database contained two additional folders that were "seemingly unrelated" to the records in the main folder. The additional two folders contained emergency call logs of a fire department in the U.S. and a list of 74 bike share stations belonging to a bike share program.

Babu Mohan
6 Comments
  • Shouldn't a company like Google face penalties over something like this instead of just throwing up their hands? ¯\_(ツ)_/¯
  • This has nothing to do with Google. It only provides the space, the customer has to set up the database. Amazon and Microsoft are the same. FWIW, there are easy to use tools from all three companies to make sure this doesn't happen but apparently they weren't used this time.
  • This is getting so exhausting. There has to be a fundamentally better way to go about this. Some sort of ground-up approach where information is stored on a user's personal device and accessed periodically by entities with permission, but never stored. Then only individuals with poor security hygiene would be breached, and mass information dumps would be a thing of the past.
  • The only thing that would work is massive fines, massive in that they actually hurt. And then make sure they don't pass the pain to the customers. I know people with new, expensive, phones that have zero security and only use passwords when forced. And I'm guessing they are terrible. It's impossible to outsmart stupid.
  • You can't fine people into beating hackers. There has to be a new way of thinking.
  • I say that the law enforcement people need to identify those who are lax in implementing security best practices and throw them in jail!!!!
    Then maybe others who are responsible will get the message. You cannot fine multi-billion dollar companies enough to get them to react...but take those CEOs and others and throw them in a cage for a few years and I bet the rest will surely take note. I am not talking about those who did all they could and still got hacked. I am talking about those who can afford the best security on the planet but refuse to invest the money to protect our data.