Unprotected server exposed data on 80 million U.S. households

A cloud server operated by Microsoft has been leaking the personal data of 80 million U.S. households including people's full names, physical addresses, and dates of birth.

A pair of Israeli security researchers say they discovered the unprotected database while working on a web mapping project with VPN review site vpnMentor. In addition to names and addresses, the 24GB database also stored coded information on people's gender, marital status, income levels, and whether they've been a homeowner.

Who owns the data on the server isn't known. However, the mysterious party decided to itemize all the information by household, instead of individuals. Each record was also accompanied by a "member_code" and "score" entry.

"This open database is a goldmine for identity thieves and other attackers," vpnMentor said. For instance, the trove of information could help hackers target the wealthy or people based on age.

But before you freak out, it isn't clear how accurate all the information inside the database is or if bad actors ever found it. There's also a staggering amount of data already available about everyone on Google search, Whitepages, social media and people finding services.

The good news is that the server has been pulled from the public internet. "We have notified the owner of the database and are taking appropriate steps to help the customer remove the data until it can be properly secured," Microsoft said in a statement. However, it declined to name the customer.

The incident is another troubling example of someone failing to secure an online server containing the records on millions of people.