The database, discovered by security researchers at vpnMentor, belongs to X Social Media, an advertising company that carries out Facebook and Instagram advertising campaigns for the legal industry. One of the company's main interests and priorities is advertising for medical malpractice lawsuits and injury-related collective lawsuits.
The purpose of these advertising campaigns is to collect interest from potential parties. Users are redirected to dedicated websites where they fill out forms to see if they are eligible for specific cases and possible legal aid.
Researchers at vpnMentor point out that the database that X Social Media collects this information is open on the Internet without a password, allowing anyone to access and download its content.
Researchers say the database contains more than 150,000 responses from users who fill out forms. The data contained in these tables usually include full names, e-mail addresses, home addresses, telephone numbers and details related to their cases - mainly for medical injuries.
"The injuries described in the database include injuries suffered by American veterans, medical equipment, drug use, side effects of drugs and defects in infant products," VPN Mentor said in a report published this week. Detailed information on war injuries includes not only the date and location of the injury, but also the detailed medical information and mental trauma suffered by the person thereafter.
In addition to highly sensitive information about various injuries and legal cases, X Social Media's database contains information about all customers, advertising campaign indicators, and even all invoices of the company.
If hackers find the database and steal its content, the data will become the "trump card" in the hands of the company's competitors, who may use it to disrupt the business of X Social Media or simply damage its reputation.
"In the future, law firms may be reluctant to work with companies that have experienced such large-scale data leaks," said vpnMentor researchers.
It is not clear whether any unauthorized person has access to or downloaded the data, as X Social Media has not responded to a request for comment or disclosed this detailed information to vpnMentor.
After the vpnMentor researchers informed the company, the advertising agency closed access to its database on June 11.