In another example, the massive violations of user privacy, the researchers found that the independent address and demographic data from more than 80 million US, seven & # 39; advertisements were placed in a secure database is not stored in the cloud.
Details listed include the names, ages and genders, as well as income and marital status. Researchers led by Noam Rotem, were not able to identify the owner of the database, which is still on the Internet and does not require a password for access. Some of the information is encoded as gender, marital status and level of income. The names, ages and addresses are not encrypted.
The data do not include payment information or social security number. up 80 million affected seven & # 39; ads for more than half of American seven & # 39; ads, according to Statista.
"I would not want my details have been exposed in this way," said Rotem in an interview with & # 39; nd CNET. "[Esa información] This should not be. "
Rotem and his team tested the accuracy of some data in the cache, but do not load the data to minimize intrusion into the private lives of those on the list.
This is an example of the general problem of storing data in the cloud that revolutionized the way we store valuable information. Many organizations do not have the experience to protect the data stored on servers connected to the Internet, as a result of repeated exposure of confidential data. In early April, the researchers showed that patients from drug addiction treatment centers in the database information was exposed unprotected data. another researchersaved by other companies in another database, it was available to the public.
Unlike breaking Traditional, you do not need to enter the computer system to access the database, which was left open. You just need to find the IP-address, the code number assigned to a particular web page. However, there is no evidence that the cybercriminals have access to information from the database, in particular.
Research, in partnership with VPNmentor Rotem, an Israeli company that analyzes particular productsand receives a commission when readers choose the one they wanted. In his blog, located on the Monday, the company appealed to the public to help him determine who may have information that may be protected.
"The 80 million seven & # 39; ads, listed here, deserve privacy," said the company in a blog post.
Rotem found that the data is stored in the cloud-based service owned by Microsoft. Secure data depends on the organization that created a database rather than Microsoft. "We notified the owner of the database and have taken steps to help the client to delete the data, as they are not properly secured measures," said a representative of Microsoft CNET on Monday.
The server on which the data is scrambled on the Web in February, Rotem, and discovered in April with the help of tools designed for search and database directory dangerous. In January, he found a gap in security in the aviation reservation system widely used, called the Amadeus, which allows an attacker to view and change the booking of air tickets.
The cache contains information about the demographic of adults 40 years and older. Many people in the list of the elderly, which, according to Rotem, could jeopardize the fraudsters temptation to use this information to try to cheat.
editor's NoteThis article was updated on April 29 at 12:16 pm US Pacific Time To add a comment from Microsoft and more information about the research group on cybersecurity issues. The article has also been updated to reflect that the database has been removed from the Internet.