There are only a few clues as to what the data is for. Everyone in the database is over 40, and the presences of “member_code” and “score” in each entry suggests this is for a service. The emphasis on household info and residences suggests that the database might belong to a home-oriented company. It’s relatively recent, at least — Rotem told CNET that the server hosting the info came online in February.

Microsoft has declined to comment, although it’s not strictly up to that company to lock down the info since it’s merely the host. It can reach out to the customer, but it’s not clear if that has happened.

Whoever’s responsible for the data, it’s still a serious privacy breach. If people with malicious intent discovered the database, they could use it for fraud, stalking or even break-ins. This also underscores the fragility of personal data. It’s only secure if a company wants it to be, and users frequently aren’t told how their data is stored. In some cases, the only safeguard is obscurity.