Massive Data Breach Exposes Sensitive Info of Hundreds of Thousands

A massive data breach has exposed the personal information of 644,869 American citizens. A security researcher, Jeremiah Fowler, discovered a completely unsecured online database containing incredibly sensitive details.

What Information Was Exposed?

The database, belonging to SL Data Services/Propertyrec – a company that provides background checks and other records – contained a wealth of personal information. This included:

  • Full names
  • Home addresses
  • Phone numbers
  • Email addresses
  • Employment details
  • Family member information
  • Social media accounts
  • Criminal records
  • Birth and death certificates
  • Court records
  • Vehicle records
  • Property ownership information

The data was stored in a massive, unencrypted Amazon S3 bucket, totaling 713 gigabytes.

The Unanswered Questions

Fowler was unable to determine how long the database was exposed or if anyone else accessed it before he discovered the breach. He contacted SL Data Services/Propertyrec, but received no response. It’s unclear whether the company directly managed the database or if a third-party contractor was responsible. Only an internal audit could reveal the full extent of the breach.

A Pattern of Breaches?

This incident follows a similar breach in August involving National Public Data (NPD), which reportedly exposed the personal information of 270 million people. This highlights a growing concern about the security of sensitive personal data held by these types of companies.