Jeremiah Fowler, a cybersecurity researcher, uncovered and notified VPNMentor about an exposed database related to the New York-based online business Real Estate Wealth Network. The compromised database had 1.5 billion records, including real estate ownership data for millions of people.
The database, which had a total size of 1.16 TB (1,523,776,691 records), had organised folders containing information on property owners, sellers, investors, and internal user tracking data. It included daily logging records from 4/22/23 to 10/23/23 that included internal user search data.
Cameron Dunlap founded Real Estate Wealth Network in 1993 to provide education and resources for real estate investors. The platform costs a one-time, non-refundable fee of $1,450 for access to a vast collection of data, which includes online courses, training materials, a community, and mentorship/coaching from experienced experts.
Upon further investigation, Fowler discovered that the exposed database contained the purported property ownership data of celebrities including Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi.
The online disclosure of celebrities' addresses could pose a number of threats, including concerns for their safety, invasion of privacy, stalking, and harassment by fans or malicious people.
"The data was organised in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgements, obituary (death), vacant properties, and more," VPNMentor’s blog post read.
Everyone, famous or not, is at risk because real estate tax data, which includes information on property ownership, assessed property values, tax assessment history, and property tax payment history, can be used by criminals to gather personal information on property owners.
Threat actors can utilise the data to target individuals with social engineering or phishing attacks, with the goal of obtaining financial or other personal information. The disclosure of data revealing whether a person bought their home with cash, without a mortgage loan, or has fully paid off their mortgage may increase the risk of financial fraud.
Property and mortgage fraud remain major issues, with the FBI reporting 11,578 incidents resulting in $350 million in losses in a single year, a 20% rise from 2017. Typically, property fraud entails taking a homeowner's identity and fabricating ownership documentation.
Although the disclosed database has been locked from public access, a Real Estate Wealth Network representative confirmed ownership. The duration of the exposure and the possibility of unauthorised entry remains unknown. Only a forensic audit conducted internally could determine whether the records were accessed, extracted, or downloaded.
This incident serves as a clear warning of the possibility of fraudulent activity involving easily accessible information. Property owners should be vigilant when disclosing personal information, especially in response to unsolicited requests for property information. Understanding the risks associated with semi-public data is critical for asset protection.