Security Market Segment LS
Wednesday, 20 December 2017 12:02

Personal info of 123m Americans found in unsecured AWS bucket


The personal information of 123 million American households collected by the California data analytics firm Alteryx has been found in an unsecured Amazon Web Services S3 bucket on the Web.

The find was made by Chris Vickery, director of Cyber Risk Research at the securty firm UpGuard, on 6 October at the subdomain "alteryxdownload"

In a blog post, UpGuard said that within the repository were massive datasets belonging to Alteryx partner Experian, the consumer credit reporting agency, as well as the US Census Bureau, providing datasets from both Experian and the 2010 US Census.

While the Census data was publicly accessible, Experian’s ConsumerView marketing database contained both public details and more sensitive data. "Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household," UpGuard claimed.

The data included home addresses and contact information, mortgage ownership and financial histories, and specific analysis of purchasing behaviour. UpGuard said it "constitutes a remarkably invasive glimpse into the lives of American consumers".

While the exposed files included Alteryx software releases and development files for applications which the firm had sold to its analytics customers, there were two other third-party files that were of greater concern.

One of the files contained data compiled about Americans; it contained more than 123 million rows, each about a different American household.

UpGuard said: "While each of the tens of millions of rows represents a different US household, the 248 columns cross-indexed compiles each household’s known or modelled personal details, preferences, and behaviour across a wide array of categories.

"With a total of over 3.5 billion fields to be filled with such data points, the index’s incredibly detailed level of insight is, ultimately, precisely what Experian claims to offer with its ConsumerView product, as described in a 2016 marketing brochure: 'ConsumerViewSM is the largest and most comprehensive resource for traditional and digital marketing campaigns. With thousands of attributes on more than 300 million consumers and 126 million households, ConsumerView data provides a deeper understanding of your customers, resulting in more actionable insights across channels'."

In the past, UpGuard has found misconfigured Amazon Web Services S3 buckets leaking data from credit repair service National Credit Federation, the NSA, the Pentagon, global corporate consulting and management firm Accenture, publisher Dow Jones, a Chicago voter database, a North Carolina security firm, and a contractor for the US National Republican Committee.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments