Database Reveals Information on 56 Million US Residents

Summary

A public-facing database containing personal details of approximately 56 million US residents was discovered on a server with a Chinese IP address and linked to the web-hosting company Alibaba, located in Hangzhou, China. The NoSQL database included metadata that associates the archive to CheckPeople[.]com, a people search directory that, for a fee, provides public records pertaining to specific persons from sources such as government, corporations, and social networks. Exposed data contains names, including previous aliases, past and present home addresses, phone numbers, email addresses, names of relatives, and ages. The company also provides criminal records, though this information was not exposed in the database. Despite the information being sourced from public records, the large compilation could be used by threat actors for various purposes, such as social engineering, impersonation, or identity theft. The database was disconnected within 24 hours of reporting. A spokesperson for CheckPeople expressed that records are stored on secure servers hosted in the US and are unaware of a legitimate database hosted in China, further stating that an investigation will be conducted. Additional details can be found in The Register article.