“An Amazon Web Services (AWS) S3 cloud storage bucket containing information from data analytics firm Alteryx has been found publicly exposed, comprising the personal information of 123 million U.S. households,” reports ZDNet. “The S3 bucked, located at the subdomain ‘alteryxdownload,’ was found by California cybersecurity firm UpGuard, with its Cyber Risk Team discovering the leak on October 6, 2017.” From the report: The 36 GB data file titled “ConsumerView_10_2013” contained over 123 million rows, each one signifying a different American household. A similar file was seen by UpGuard when the personal details of 198 million American voters, compiled in a dataset by a data firm used by the Republican National Committee, were exposed. To highlight the breadth of the issue, UpGuard said the exposed data reveals over 3.5 billion fields of personally identifying details and data points about virtually every American household, including racial and ethnic information. The spreadsheet uses anonymized identifiers, but the information in the other few billion fields are very detailed, UpGuard said. Home addresses, contact information, mortgage status, financial histories, and very specific analysis of purchasing behavior — such as domestic travel habits, if someone is a cat enthusiast, and their sporting interests — is up for grabs in the exposed data. As for how this happened, ZDNet says, “the bucket was configured via permission settings to allow any AWS ‘Authenticated Users’ to download its stored data. Authenticated users are any user that has an AWS account.”
Read more of this story at Slashdot.