Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Uncategorized

Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

Real Estate Wealth Network database containing real estate ownership data, including for celebrities and politicians, was found unprotected.

An unprotected database belonging to Real Estate Wealth Network was left accessible from the internet for an unknown period, vpnMentor reports.

Founded in 1993 and based in New York, Real Estate Wealth Network is an online real estate education platform that provides subscribers with access to courses, training materials, and a community.

Discovered by cybersecurity researcher Jeremiah Fowler, the unprotected database was 1.16 terabytes in size, containing more than 1.5 billion records.

“The data was organized in various folders according to: property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgments, obituary (death), vacant properties, and more,” the researcher says.

Within the folders, the researcher found details on property owners, investors, and sellers, as well as logging records spanning between April and October 2023 and containing names, addresses, phone numbers, email addresses, device information, and details on the files the user had accessed.

The exposed information, Fowler says, pertained to millions of individuals, including celebrities and politicians, such as “Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Mark Wahlberg, Nancy Pelosi, and others”.

“I was able to see their street address, purchase price and date, mortgage company, mortgage loan amount, tax ID numbers, taxes owed, paid, or due, and other information,” Fowler says.

The researcher reported the finding to Real Estate Wealth Network, which immediately blocked public access to the database and confirmed ownership a few days later.

Advertisement. Scroll to continue reading.

Fowler notes that he could not determine for how long the database was exposed to the internet and who might have accessed it, pointing out that only an internal forensic audit could reveal whether the information might have been accessed or downloaded.

The researcher points out that while property tax records in the US are considered semi-public, full public access to ownership information is typically not available.

“When searching the database, I found my own property, my name, address, purchase date, and other details. I then checked my local county tax and revenue office to see if such data was publicly available and found that my local county does not offer this information online,” the researcher notes.

The exposure of this data, Fowler notes, poses potential risk to the personal privacy, safety, and security of celebrities and politicians, but could also lead to information misuse and to property and mortgage fraud.

“It is unknown how long the data was publicly exposed or even if anyone else may have accessed it. I am not saying individuals in the Real Estate Wealth Network database are at an imminent risk, I am only providing a hypothetical example of how real estate or other forms of fraud could happen using exposed ownership records and tax information,” the researcher notes.

Related: Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk

Related: Misconfigured Public Cloud Databases Attacked Within Hours of Deployment

Related: Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Management & Strategy

Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity.

Cyberwarfare

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

Ransomware

A new CISA pilot program to warn critical infrastructure organizations if their systems are unpatched against vulnerabilities exploited in ransomware attacks.

Cybersecurity Funding

B2B payment security provider NsKnox raised $17 million in a new funding round that brings the total raised by the company to $35.6 million.

Cybersecurity Funding

Silk Security raised $12.5 million in seed funding and is on a mission to break down the silos between security and development with an...

Uncategorized

ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.

Uncategorized

Exploitation of a critical vulnerability (CVE-2023-46747) in F5’s  BIG-IP product started less than five days after public disclosure and PoC exploit code was published.

Uncategorized

Thomas McCormick, aka fubar, an administrator of the Darkode hacking forum, has been sentenced to 18 months in prison.