A cybersecurity firm in the US has stated that they discovered a leak which revealed personal information of American households. The database was weakly protected according to the cybersecurity firm. The cloud repository, which was discovered back in October, exposed the datasets which belonged to a Californian company called Alteryx.
The researchers who disclosed the leak said the data revealed was taken from a number of the company’s partners. The partners include the US Census Bureau and Experian. The company’s website also reveals that some of its partners include Microsoft and Amazon Web Services. On their about page, the company states that they are trusted by many brands in the world.
According to the researchers, the database that was leaking was titled ConsumerView, seemingly made for marketing and advertising. The database had home addresses, mortgage data, financial records and contact details on it. It had amounting to 36 GB in size. Another part of the files leaking included the US Census Bureau’s 2010 results.
In a blog post, Dan O’Sullivan, a threat researcher at the firm wrote that the exposed revealed billions of personal information. Put together, the data revealed information about virtually every American household. He also wrote that the ConsumerView database the company had was advertised as having the largest and most comprehensive resource for traditional and digital marketing campaigns. One Experian brochure got for the ConsumerView product also reiterated the same thing. The brochure noted that the ConsumerView package held more than 300 million individuals data and had close to 126 million households information.
The security firm, UpGuard, said the database had anonymized record IDs which meant no names were included. However, they noted collectively it could be used to identify households and US citizens. Alteryx offers a service called Designer with Data, which might explain why they had ConsumerView package. The service includes demographics, segmentation and firmographic data from various services such as the US Census Bureau, Experian and many more.
Alteryx noted that they had removed the leaky database from the internet. They also released a statement which said the exposed information was harmless to citizens. It noted that all household information was aggregated and de-identified.
UpGuard on the other hand believes, there is more than what Alteryx is admitting. O’Sullivan wrote that the data includes personal, financial, and private information of American citizens. They also noted that the exposure of data from three different firms could quickly affect their partner and consumers and expose their data easily.