New Delhi -°C
Today in New Delhi, India

Jan 25, 2020-Saturday
-°C

Humidity
-

Wind
-

Select city

Metro cities - Delhi, Mumbai, Chennai, Kolkata

Other cities - Noida, Gurgaon, Bengaluru, Hyderabad, Bhopal , Chandigarh , Dehradun, Indore, Jaipur, Lucknow, Patna, Ranchi

Home / Tech / 1.2 billion records of personal data exposed in one of the biggest breaches

1.2 billion records of personal data exposed in one of the biggest breaches

Your profile information may be part of the Data Enrichment Exposure From PDL Customer data breach. Here’s what’s known about the latest security breach.

tech Updated: Nov 24, 2019 19:04 IST
HT Correspondent
HT Correspondent
Hindustan Times
1.2 billion records exposed
1.2 billion records exposed(Google)
         

Over 1.2 billion records of personal data have leaked online in a massive security breach. The leaked data contains email IDs, employers, social media profiles, phone numbers, names, job titles and even geographic locations.

Discovered by security researchers Vinny Troia and Bob Diachenko, the exposed data comes with an index which suggests it was essentially sourced from a data enrichment company called People Data Labs. The unprotected Elasticsearch server contained as many as 622 million unique email addresses, researchers added.

“The server was not owned by PDL and it’s believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data,” read an email notification from Have I been pwned.

Interestingly enough, there’s very little information about PDL which claims to build “people data.” According to its LinkedIn profile, the San Francisco-based company has dataset of 1.5 billion unique person profiles which can be used to “build products, enrich person profiles, power predictive modeling/AI, analysis, and more.”

The date of breach is October 16, 2019.

ALSO READ: WhatsApp vulnerabilities that put users’ data at risk

 

Security implications

While the leaked information may seem general in nature, these can be very well exploited by cybercriminals to launch phishing attacks, spam and even sell them on the dark web.

ALSO WATCH: Spyware attack on Indians via WhatsApp? | ‘Pegasus’ controversy explained

“…regardless of how well these data enrichment companies secure their own system, once they pass the data downstream to customers it’s completely out of their control. My data - almost certainly your data too - is replicated, mishandled and exposed and there’s absolutely nothing we can do about it. Well, almost nothing...,” wrote security researcher Troy Hunt in a blog post.

ALSO READ: Google’s Password Checkup to become default feature on Chrome browser

“The recurring theme I’m finding with exposed data of this nature is increasing outrage that the data aggregator obtained and used personal information in a fashion the owner of the data (i.e. me) didn’t consent to. It’s not about how public the data might be through the channels people choose to publish it, rather it’s about the use of the data outside its intended context,” he added.