“Gearbest’s database isn’t just unsecured. It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.”

24 million records, one server, no password.

The database did not require visitors to enter a username or password to access the information.

Cybersecurity organization Hacken said it found the misconfigured servers as part of a regular security audit. The data appears to come from millions of U.S. residents.

In March, Google found that a flaw in its Google+ People API exposed data including name, email address, occupation, gender and age. "We found no evidence that any profile data was misused," the company said.