
SoylentNews is people

posted by janrinok on Saturday January 11 2020, @07:12AM
from the US-law-says-it-can-be dept.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?:

A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone's name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it's being served from an IP address associated with Alibaba's web hosting wing in Hangzhou, east China, for reasons unknown. It's a perfect illustration that not only is this sort of personal information in circulation, but it's also in the hands of foreign adversaries.

It just goes to show how haphazardly people's privacy is treated these days.

A white-hat hacker operating under the handle Lynx discovered the trove online, and tipped off The Register. He told us he found the 22GB database exposed on the internet, including metadata that links the collection to CheckPeople.com. We have withheld further details of the security blunder for privacy protection reasons.

The repository's contents are likely scraped from public records, though together provide rather detailed profiles on tens of millions of folks in America. Basically, CheckPeople.com has done the hard work of aggregating public personal records, and this exposed NoSQL database makes that info even easier to crawl and process.

"In and of itself, the data is harmless, it's public data, but bundled like this I think it could actually be worth a lot to some people," Lynx told El Reg this week. "That's what scares me, when people start combining these with other datasets."



  • (Score: 0) by Anonymous Coward on Saturday January 11 2020, @07:41AM

    by Anonymous Coward on Saturday January 11 2020, @07:41AM (#942183)

    foreign adversaries.

    Damn Belgians! Give me back my data!

  • (Score: 1, Touché) by Anonymous Coward on Saturday January 11 2020, @11:55AM (3 children)

    by Anonymous Coward on Saturday January 11 2020, @11:55AM (#942207)

    Why is a 44GB database containing 112 million Chinese folks' personal details sitting on the open internet using an Amazon cloud address? Seriously, why?

    • (Score: 0) by Anonymous Coward on Saturday January 11 2020, @01:05PM

      by Anonymous Coward on Saturday January 11 2020, @01:05PM (#942211)

      Because it's cheaper to do nothing, publicly, than hiding it, that's why. In both cases.

      It also sends the additional message about your weakness and inability to do anything about it, although that was probably never part of conscious reasoning.

    • (Score: 0) by Anonymous Coward on Saturday January 11 2020, @01:29PM

      by Anonymous Coward on Saturday January 11 2020, @01:29PM (#942214)

      Won't be, because the Chinese government will have a berth in a reeducation camp for whoever threatens social harmony.

    • (Score: 0) by Anonymous Coward on Saturday January 11 2020, @04:11PM

      by Anonymous Coward on Saturday January 11 2020, @04:11PM (#942248)

      Does Bobby Drop Tables know about this?

  • (Score: 3, Interesting) by VLM on Saturday January 11 2020, @02:48PM (1 child)

    by VLM (445) Subscriber Badge on Saturday January 11 2020, @02:48PM (#942226)

    The only folks who don't have open access to everyone's "personal" data are the people. Every corporation and government has open access to everything for any purpose.

    So ironically this just makes things "fair".

    • (Score: 1, Interesting) by Anonymous Coward on Saturday January 11 2020, @04:50PM

      by Anonymous Coward on Saturday January 11 2020, @04:50PM (#942254)

      You're not wrong.

      Data brokerage has been a pretty lucrative industry since... well at least as far back as the database. It's not a particularly "online" phenomenon either, look at any credit card or utility contract, for example. I did an onsite to migrate one broker from dialup to fibre back when dialup was still a thing. (Imagine my jealousy.)

      The gatekeeper to that data has mostly been the cost, though some brokers have other requirements. The only objection I have with laying the data out for all to see is that people have different incentives than corps and governments, and I'd rather not be subjected to the whims of a third faction of psychopaths.

  • (Score: 2) by VLM on Saturday January 11 2020, @02:52PM

    by VLM (445) Subscriber Badge on Saturday January 11 2020, @02:52PM (#942228)

    Sometimes database indexes define the use of the DB. Of course ultra-noobs don't have any indexes LOL or implement indexing in the app LOL.

    Anyway 56.25 megarows times a bunch of columns fitting in 22 GB obviously has no indexes or it would be huge (huger-er anyway).

    My guess is SELECT statement equivalents are going to take a while (it's NoSQL so who knows which).

  • (Score: 3, Funny) by srobert on Saturday January 11 2020, @06:55PM

    by srobert (4803) on Saturday January 11 2020, @06:55PM (#942280)

    What a great source of information about my political opponents.
    China, if you're listening, the voters would be very interested in seeing those records.

  • (Score: 2) by jmichaelhudsondotnet on Saturday January 11 2020, @08:41PM

    by jmichaelhudsondotnet (8122) on Saturday January 11 2020, @08:41PM (#942299) Journal

    Where can I find my record in this? Where is the link to the actual thing?

    Anyone care to dox me? I have been one of the most non-anon people evar.

    For instance, does anyone here even know any of my reddit usernames? Or do any anon cops want to tell everyone?

    Just curious. Or what was my last facegag post?

    Go to town. Am I real? Or is my entire data trail a psychological operation to get you to......idk, what? You tell me what my long game is.

    TBP suggested last week I wrote my vast 50k+ words homepage, started a Victoria's Secret boycott and posted huge meme collections under my real name in order to troll another SN user, and while calling me a paranoid.

    Is there any amount of data that would verify a person was real, or could any amount of internet data be a govt agent? Consider also the negative trust zone at my website outs at least a dozen disinfo operators, that ruins many millions of dollars of budget, and my zersetzung explanation doxes their modus operandi, and I'll give you another one, Debbie Lusignon the Sane Progressive is also obviously a cop or agent, and now she has disappeared...

    And if the data is all 50/50, why tf is it worth so much to cambridge shitalytica? Riddle me that.

  • (Score: 2) by pipedwho on Saturday January 11 2020, @10:38PM (2 children)

    by pipedwho (2032) on Saturday January 11 2020, @10:38PM (#942326)

    Is it because the company with lax IT security that exposed all this information can't take it down anymore?

    Is it because all this information is now in 'foreign' hands, in a way that it wouldn't be if it was just downloaded from an open server in the USA?

    Or is it because open servers in the USA leaking details of millions of people are old hat and the only way to get media exposure for your white-hat discovery is to invoke the China bogeyman?

    • (Score: 2) by Reziac on Sunday January 12 2020, @03:06AM (1 child)

      by Reziac (2489) on Sunday January 12 2020, @03:06AM (#942395) Homepage

      Or is it in China because it leaked via some backdoor we don't know about??

      --
      And there is no Alkibiades to come back and save us from ourselves.
      • (Score: 0) by Anonymous Coward on Monday January 13 2020, @07:44AM

        by Anonymous Coward on Monday January 13 2020, @07:44AM (#942664)

        It was an open database. No mysterious conspiracy theories required.
