The Personal Details of 35 Million Americans Have Been Exposed via an Unprotected Database

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

An unknown entity that holds a marketing database that has been left open to access by anyone with a web browser and a valid URL has irreversibly exposed the personal details of about 35 million Americans, residents of Chicago, Los Angeles, and San Diego. The exposed database was discovered by researcher B. Diachenko on June 26, 2021, but since the owner was impossible to discern, there have been no contacting attempts to anyone. By July 27, 2021, the data remained exposed and accessible without requiring a password, but today, Amazon eventually took it down.

The types of data contained in the exposed set include the following:

Source: Comparitech

The implications of having an above fall into the wrong hands would be having to deal with scamming attempts, phishing attacks, high-level social engineering, spam, and more. In the demographic data set, there are details like personal interests, estimated income, net worth, media consumption preferences, pet ownership, property information (value, pool existence, purchase date), lifestyle information, purchasing habits, affiliations, etc. Each person’s entry contains 268 fields of information, so this is a pretty rich set of data.

Source: Comparitech

The data was collected between 2010 and May 2021, so there are some very recent entries. Because of the complete absence of any ownership details, Diachenko has made the assumption that this could be the result of a scraping incident from a marketing company, with the actors then storing the data on a misconfigured server for spamming purposes. The fact that the host had its time zone set to Kolkata, India, further backs this hypothesis.

If you live in Chicago, Los Angeles, or San Diego, you should remain vigilant against email, SMS, phone calls, or even post mail communications that may attempt to trick you. Considering how much information the scammers hold on you, it would be fairly easy to convince you of anything. Also, don’t forget to report any attempts of this kind to the police, which could save others from getting scammed.

Unfortunately, these incidents are so frequent that even keeping up with what has been leaked is challenging for everyone. The general advice is to treat all incoming emails with suspicion, and whenever you’re met with the urgency, you should treat it as a giant red flag.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: