February 24, 2024

A cybersecurity researcher discovered an exposed real estate database containing more than 1.5 billion records, including those containing the home addresses of high-profile celebrities and politicians.

In a write-up for vpnMentor, Jeremiah Fowler detailed how the database, linked to the New York-based company Real Estate Wealth Network, was left openly accessible online without password protection.

“The exposed database contained a total 1,523,776,691 records with a size of 1.16 TB,” Fowler wrote. “The data was organized in various folders according to: property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgments, obituary (death), vacant properties, and more.”

Aside from information on property owners, sellers, and investors, the database also contained the names, physical addresses, and phone numbers of users who queried its contents. Those who pay a subscription fee to Real Estate Wealth Network, which describes itself as an online real estate education platform, are able to search small portions of the database.

Fowler further noted that he was not only able to find his own property ownership information in the data but records associated with Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk, Dolly Parton, Mark Wahlberg, Zach Galifianakis, Donald Trump, and Nancy Pelosi.

“I was able to see their street address, purchase price and date, mortgage company, mortgage loan amount, tax ID numbers, taxes owed, paid, or due, and other information,” Fowler said.

After alerting the company to the exposure, Fowler says Real Estate Wealth Network quickly secured the database. It remains unclear how long the data was exposed and whether any nefarious actors had gained access.

In remarks to the Daily Dot, Fowler stated that such information could be used for an assortment of crimes.

“Data is valuable and it can serve as a puzzle piece to create a larger picture of potential victims. As an example, if a criminal filters the records and sees that a person paid cash for a house, or has no mortgage loan, it could be assumed they have a large sum of money and then become a targeted victim for fraud,” Fowler said. “Once data is leaked, we have no idea how it will be used for years to come and there is no shortage of creativity when it comes to criminal activity.”

And while some property records are semi-public, there is no central database that allows citizens access to any and all information. Different counties across the country have different rules in place for obtaining such records. In Fowler’s own county, for example, anyone seeking property information would have to “physically come to the courthouse, show identification, and sign a form to view real estate tax information.”

“This data was publicly exposed, potentially allowing anyone with an internet connection open access to tax and ownership information without any security controls,” Fowler told the Daily Dot. “This creates a potentially serious privacy issue when someone located in Russia or North Korea could access records that local citizens cannot.”


We crawl the web so you don’t have to.

Sign up for the Daily Dot newsletter to get the best and worst of the internet in your inbox every day.

Share this article

*First Published: Dec 21, 2023, 9:10 am CST

Mikael Thalen

Mikael Thalen is a tech and security reporter covering social media, data breaches, hackers, and more.