Cloud-Based Repository Leak Exposes 123 Million American Households

"An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million U.S. households," reports ZDNet. "The S3 bucked, located at the subdomain 'alteryxdownload,' was found by California cybersecurity firm UpGuard, with its Cyber Risk Team discovering the leak on October 6, 2017." From the report: The 36 GB data file titled "ConsumerView_10_2013" contained over 123 million rows, each one signifying a different American household. A similar file was seen by UpGuard when the personal details of 198 million American voters, compiled in a dataset by a data firm used by the Republican National Committee, were exposed. To highlight the breadth of the issue, UpGuard said the exposed data reveals over 3.5 billion fields of personally identifying details and data points about virtually every American household, including racial and ethnic information. The spreadsheet uses anonymized identifiers, but the information in the other few billion fields are very detailed, UpGuard said. Home addresses, contact information, mortgage status, financial histories, and very specific analysis of purchasing behavior -- such as domestic travel habits, if someone is a cat enthusiast, and their sporting interests -- is up for grabs in the exposed data. As for how this happened, ZDNet says, "the bucket was configured via permission settings to allow any AWS 'Authenticated Users' to download its stored data. Authenticated users are any user that has an AWS account."

Capitalism will correct this

Don't worry. The invisible hand of the free market will solve this. That is also the reason nobody is in this database who did not volunteer for it.

Oh Noes!

[Shogun37]

The cloud is insecure! Who would have thought? A locally controlled cloud, or a contract that has incentives for the owners NOT to be pants on head, window licking morons, can be a good thing. However, most clouds (as far as I have seen) are about a secure as a screen door on a submarine. And as long as the owner of the cloud keeps making money, and writing contracts that absolve them of all responsibility, this will keep happening.

For those wondering

[Solandri]

123 million households is pretty much everyone in the U.S..

Re:WTF is Alteryx?

[martyros]

From the first paragraph of TFA:

Exposed within the repository are massive data sets belonging to Alteryx partner Experian, the consumer credit reporting agency, as well as the US Census Bureau, providing data sets from both Experian and the 2010 US Census.

So Alteryx got data from a credit bureau and screwed it up. This should at least open them up to a massive lawsuit from Experian for breach of contract.

Where can I get a copy?

[ElizabethGreene]

Where can I get a copy?

I'd like to see how well de-identified it is.