Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?

https://ift.tt/2TamCkO

Exclusive A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.

The information silo appears to belong to Florida-based CheckPeople.com, which is a typical people-finder website: for a fee, you can enter someone's name, and it will look up their current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases, all presumably gathered from public records.

However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, it's being served from an IP address associated with Alibaba's web hosting wing in Hangzhou, east China, for reasons unknown. It's a perfect illustration that not only is this sort of personal information in circulation, it's also in the hands of foreign adversaries. It just goes to show how haphazardly people's privacy is treated these days.

A white-hat hacker operating under the handle Lynx discovered the trove online, and tipped off The Register. He told us he found the 22GB database exposed on the internet, including metadata that links the collection to CheckPeople.com. We have withheld further details of the security blunder for privacy protection reasons.

The repository's contents are likely scraped from public records, though together provide rather detailed profiles on tens of millions of folks in America. Basically, CheckPeople.com has done the hard work of aggregating public personal records, and this exposed NoSQL database makes that info even easier to crawl and process.

"In and of itself, the data is harmless, it's public data, but bundled like this I think it could actually be worth a lot to some people," Lynx told El Reg this week. "That's what scares me, when people start combining these with other datasets."

While CheckPeople.com also offers criminal record searches, Lynx did not find that information among the cache.

The Register has repeatedly attempted to reach a human at CheckPeople to alert it to the leak, and the site's administrators have yet to respond. Its customer-support call center directed us to email the company, although our messages were subsequently ignored, it appears. Similarly, Lynx told us he has been unable to get hold of anyone beyond a third-party call center worker. You would think a company trafficking in personal records would care a bit more about being able to be reached.

Whether this is data somehow obtained by a Chinese outfit from CheckPeople and dumped lazily online, or a CheckPeople server hosted in China, is unclear. However, under the laws of the People's Republic, government agencies can more or less search any machine at any time in the Middle Kingdom, meaning profiles on 56.5 million American residents appear to be at the fingertips of China, thanks to CheckPeople – we assume Beijing has files on all of us, though, to be fair.

Again, repeated attempts to contact CheckPeople for its side of the story were unsuccessful. Should the company decide to get in touch, we will update this story as needed. We have also pinged Alibaba to alert it to the exposed database, should it care about Americans' privacy. ®
