Incident Overview
In 2023, the Real Estate Wealth Network (REWN) suffered a major data exposure due to a misconfigured database left open without password protection. This breach, discovered by security researcher Jeremiah Fowler, exposed over 1.5 billion records of sensitive information, including details about high-profile individuals such as celebrities and politicians.
Exposed Data
- Data Volume: 1.16 TB containing approximately 1.5 billion records.
- Sensitive Details: Included property histories, names, addresses, phone numbers, mortgage information, bankruptcy filings, tax liens, and user logs.
Disclosure and Response
Fowler alerted vpnMentor, which notified REWN. The database was secured shortly after, but the duration of the exposure and potential unauthorized access remain unclear, necessitating an internal forensic audit.
Risks Identified
- Privacy Risks: Exposed personal information could lead to harassment or stalking of high-profile individuals.
- Fraud Potential: Detailed data could facilitate identity theft and property scams, with criminals able to exploit information about mortgage-free properties.
Recommendations
Organizations must prioritize data security to protect sensitive information. Property owners should be cautious when sharing personal details and understand the risks of publicly accessible data. Regular audits and robust access controls are vital to prevent future breaches.
