iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Over 600,000 court records and other sensitive documents have been leaked after an information research provider left a sensitive database publicly accessible.
As discovered by cyber security researcher Jeremiah Fowler, SL Data Services/Propertyrec, a research firm that deals with criminal records and real estate ownership information, left a database without encryption or password protection, exposing 713.1 gigabytes of data.
The database contained 644,869 PDF files that contained mostly background checks, as well as court records, vehicle records, including VIN numbers and license plates, and property ownership records.
According to Fowler, 95 per cent of the data samples he accessed were labelled “background checks” and contained personal data, including full names, phone numbers, home and email addresses, social media accounts, criminal records, employment history, and family member information.
Prior to publishing his findings, Fowler sent a disclosure notice to SL Data Services/Propertyrec regarding the breach, to which he received no response. However, the database was secured and access was restricted.
Fowler also noted that from the week from the discovery of the database to when access was restricted, the database grew 151,058 records, from 513,876 to 664,934.
“These background checks are likely conducted without the knowledge or consent of the individual under review,” said Fowler.
“In the United States, court records and sex offender status are generally considered public records. However, when combined with enough data points, attackers could potentially piece together full profiles of those individuals, their associates, employers, or family members.
“Hypothetically, the background checks could provide criminals with additional information that could be used to launch targeted phishing attempts or social engineering attacks. The criminals could potentially leverage information about family members, employment, or criminal cases to obtain additional sensitive personal information, financial data, or other privacy threats.”
He also noted that while SL Data Services/Propertyrec said it offers access to documents for as little as $1 a search, users who use the service are enrolled into a monthly subscription without their knowledge.
At this stage, it doesn’t appear that the exposed database has been used by threat actors to launch other cyber attacks.
Be the first to hear the latest developments in the cyber industry.
