Researcher spotted open database before criminals … we hope
November 27, 2024 By Jessica Lyons
Exclusive More than 600,000 sensitive files containing thousands of people's criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher.
We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks.
In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.
"Even when I would make phone calls to the multiple numbers on different websites and tell them there was a data incident, they would tell me they use 128-bit encryption and use SSL certificates – there were many eye rolls," he claimed.
