Security researchers discovered a database with detailed information about 80 million U.S. households -- including names, ages, marital status, precise geolocation data, and income brackets of household members -- on a site that didn't require a password to access.
The database, which had been hosted on a Microsoft cloud server, was taken down by Monday afternoon. The breach was uncovered by vpnMentor, a company that reviews virtual private networks.
vpnMentor said Monday that it's not clear who owns the database, but the inclusion of income-related information points to an insurance, healthcare or mortgage company.
At the same time, the database lacks information typically associated with data held by brokers or banks, including policy or account numbers, social security numbers or payment types.
“This isn’t the first time a huge database has been breached. However, we believe that it is the first time a breach of this size has included peoples’ names, addresses, and income,” vpnMentor wrote Monday.
The company added that the database is a “goldmine” for scammers.
“Addresses can easily lead to phone numbers, making people easy targets for phishing scams,” the company writes. “Dates of birth and postal codes are common answers to security questions.”