1.2 billion records of personal data exposed in one of the biggest breaches
Your profile information may be part of the Data Enrichment Exposure From PDL Customer data breach. Here’s what’s known about the latest security breach.
Over 1.2 billion records of personal data have leaked online in a massive security breach. The leaked data contains email IDs, employers, social media profiles, phone numbers, names, job titles and even geographic locations.
Discovered by security researchers Vinny Troia and Bob Diachenko, the exposed data comes with an index which suggests it was essentially sourced from a data enrichment company called People Data Labs. The unprotected Elasticsearch server contained as many as 622 million unique email addresses, researchers added.
"The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data," read an email notification from Have I Been Pwned.
Interestingly enough, there's very little information about PDL, which claims to build "people data." According to its LinkedIn profile, the San Francisco-based company has a dataset of 1.5 billion unique person profiles which can be used to "build products, enrich person profiles, power predictive modeling/AI, analysis, and more."
The date of the breach is October 16, 2019.
Interesting point on where "enrichment" services may populate their data from. Imagine all the different data sources that are available these days to create rich profiles on billions of people… https://t.co/Y1xoauonJY — Troy Hunt (@troyhunt), November 22, 2019
While the leaked information may seem general in nature, it can very well be exploited by cybercriminals to launch phishing attacks, send spam, or even be sold on the dark web.
"…regardless of how well these data enrichment companies secure their own system, once they pass the data downstream to customers it's completely out of their control. My data - almost certainly your data too - is replicated, mishandled and exposed and there's absolutely nothing we can do about it. Well, almost nothing...," wrote security researcher Troy Hunt in a blog post.
"The recurring theme I'm finding with exposed data of this nature is increasing outrage that the data aggregator obtained and used personal information in a fashion the owner of the data (i.e. me) didn't consent to. It's not about how public the data might be through the channels people choose to publish it, rather it's about the use of the data outside its intended context," he added.