56.25 million US residents records collected by CheckPeople exposed on a Chinese server

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online.

A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address.

The huge trove of data includes names, home addresses, phone numbers, and ages. The size of the NoSQL database is 22GB and included metadata that links the collection to CheckPeople.com.

The CheckPeople.com service allows subscribed users to search for information about people of interest (i.e. current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases). The data are likely collected by the service from public sources.

The strange aspect of this discovery is that the archive is exposed on an IP address operated by an Alibaba’s web hosting company in Hangzhou, China.

“However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown.” reads the post published by The Register that reported the news in exclusive. “It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.”

The archive was discovered by a white-hat hacker that goes online with the handle Lynx that shared his findings with The Register.

“In and of itself, the data is harmless, it’s public data, but bundled like this I think it could actually be worth a lot to some people,” Lynx told El Reg this week. “That’s what scares me, when people start combining these with other datasets.”

The archive did not contain criminal record searches, even if this kind of information is provided by the CheckPeople service.

The Register has attempted to report the discovery to CheckPeople, but the company has yet to respond.

It is not clear if CheckPeople hosted its server in China or someone has obtained its data and exposed online, the unique certainly is that data belonging to 56.5 million American residents are now available for the Chinese Government and crooks.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data leak, CheckPeople)

[adrotate banner=”5″]

[adrotate banner=”13″]