- Security researcher finds unsecured 38 GB database containing 10,820 records
- Names, postal addresses and more were leaked to the open internet
- The archive owned by Imdatacenter is now closed
Imdatacenter, a Florida-based data hygiene, improvement and append service provider, have been found delicious thousands of sensitive personal items for the open internet.
Security scientist Jeremiah Fowler discovered a non-encrypted and non-passord-protected database containing 10,820 items. It was 38 GB in size, where the majority of files were .csv -Crees sheets with “Many thousands or hundreds of thousands of rows of PII.”
There is no evidence of abuse in nature yet, but PII (personally identifiable information) included people’s names, postal addresses, e -mail addresses, telephone numbers and lifestyle or ownership information.
Locking of the database
“The registrations seemed to be a stock storage place for client orders labeled” Reports “and” Results “,” Fowler told Site plane.
“Filne names indicated that these lists were used for several purposes, including sales and marketing cords for industries such as insurance, sun, choices, car guarantees, hospitals, healthcare providers and more.”
Imdatacenter is a Florida-based branch of Brooks Integrated Marketing that offers a platform for improving marketing data, including identity resolution, telephone and e-mail supplement, complete integrated marketing append (CIMA) and more.
The platform’s data library spans 260 million individuals, 130 million households, 600 million E emails, 550 million phone numbers and more.
Fowler reached out to the company to warn them of the leaking information and the database was locked shortly after.
“Data security is really important to us too, and we really appreciate you sharing this information with us,” they told the researcher. “We are working to secure the information ASAP”.
The researcher also emphasized that many companies hire third -party providers to own and manage such databases. It is unknown who maintains Imdatacters. It is also unknown whether any malicious actors found the database in the past or abused it for phishing, identity theft or similar imitation attacks.
