- The security researcher finds a 38 GB unmarked database containing 10,820 recordings
- Names, postal addresses and others have been disclosed on the Internet open
- The archive, owned by Imdatacenter, is now closed
Imdatacenter, a data hygiene, improvement and add -based service supplier, was found to flee thousands of open internet sensitive personal recordings.
Security researcher Jeremiah Fowler discovered a database not encrypted and not protected by splashes, containing 10,820 recordings. He measured 38 GB, the majority of files being .csv’s calculation sheets with “several thousand or hundreds of thousands of rows of PII”.
There is still no evidence of abuse in nature, but PIIs (personally identifiable information) included the names of people, postal addresses, email addresses, telephone numbers and lifestyle or property.
Lock the database
“The recordings seemed to be a storage frame of storage for orders of customers labeled” reports “and” results “, said Fowler Website planet.
“File names have indicated that these lists have been used for several purposes, including sales and marketing tracks for sectors such as insurance, solar energy, elections, car guarantees, hospitals, health care providers, etc.
Imdatacenter is an integrated Brooks marketing division based in Florida, offering a marketing data improvement platform, including identity resolution, call to telephone and e-mails, a complete integrated marketing annex (CIMA), etc.
The platform data library covers 260 million people, 130 million households, 600 million emails, 550 million telephone numbers, etc.
Fowler contacted the company to warn them of leakage information, and the database was locked shortly after.
“Data security is also very important for us and we really enjoy sharing this information with us,” they told the researcher. “We work to secure information as soon as possible”.
The researcher also stressed that many companies hire third -party service providers to own and manage such databases. We do not know who maintains that of Imdatacenter. It is also not known if malicious actors have found the database in the past, or abusing it for phishing, identity theft or similar identity attacks.
