A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online.
A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address.
The huge trove of data includes names, home addresses, phone numbers, and ages. The size of the NoSQL database is 22GB and included metadata that links the collection to CheckPeople.com.
The CheckPeople.com service allows subscribed users to search for information about people of interest (i.e. current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases). The data are likely collected by the service from public sources.
The strange aspect of this discovery is that the archive is exposed on an IP address operated by an Alibaba’s web hosting company in Hangzhou, China.
“However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown.” reads the post published by The Register that reported the news in exclusive. “It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.”
The archive was discovered by a white-hat hacker that goes online with the handle Lynx that shared his findings with The Register.
“In and of itself, the data is harmless, it’s public data, but bundled like this I think it could actually be worth a lot to some people,” Lynx told El Reg this week. “That’s what scares me, when people start combining these with other datasets.”
The archive did not contain criminal record searches, even if this kind of information is provided by the CheckPeople service.
The Register has attempted to report the discovery to CheckPeople, but the company has yet to respond.
It is not clear if CheckPeople hosted its server in China or someone has obtained its data and exposed online, the unique certainly is that data belonging to 56.5 million American residents are now available for the Chinese Government and crooks.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.