The online marketing and analytics firm Alteryx, publicly exposed the massive amount of sensitive personal information of around 123 million American households, as per a report by UpGuard.
UpGuard is a California-based cybersecurity firm, which said that the exposed massive data belonged to consumer credit reporting agency Experian, and US Census Bureau. This data included personal, private and financial information (home addresses, contact information, mortgage ownership, and financial histories) of tens of millions of American consumers.
The breach was discovered when researchers from UpGuard found AWS S3 cloud storage bucket located at “alterxdownload” subdomain containing all the consumer information. Although, the AWS allows only authenticated users to access this information by default, but it was not the case here.
It could be accessed by anyone who has an Amazon AWS account. These accounts can be registered freely, and even the dummy sign-ups for AWS account could access all the content of bucket. There was no need of any coding, or any hacking tool; just a free AWS account.
Among the leaked data, there were US Census Bureau’s 2010 census results in .exe file, and Republican National Committee’s 36 GB data file named “ConsumerView_10_2013” stored with .yxdb extension.
The ConsumerView file contained more than 123 million rows and 248 columns, where each row signified a different American household, and each column represented the personal details across a wide range of categories.
“This is an enormous problem facing the IT landscape today. As have been seen in many previous data exposures, most enterprises lack the ability to even assess the security postures of external vendors,” wrote Chris Vickery, UpGuard Director of Cyber Risk Research.
“This exposure is a prime example of the way in which third-party vendor risk can result in sensitive data leaking from multiple entities,” he added.