Amazingly large numbers of people are still being exposed by sensitive data that is leaking online, most likely from databases owned by People Data Labs.
The research team found a dataset on June 25th that had over 170 million records of sensitive data that were open to everyone online.
Among the stolen information were:
- Full names
- Phone numbers
- Emails
- Location details
- Skills
- Professional summaries
- Education history
- Employment history
The proof of the data break leads to People Data Labs (PDL), a data broker with headquarters in San Francisco, as the dataset that was leaked carried the name “PDL.”
The company’s website states that it has 1.5 billion profiles of people that are available for use by various companies for data improvement hiring, marketing, and sales. “Unparalleled coverage across over 150 data points” is PDL’s claim to renown.
Since the organization was not directly linked to the open Elasticsearch server that caused the leak, it is possible that an unnamed third party handled the company’s data illegally.
The fact that the Elasticsearch server needs to be password-protected must be stated, even though it is still unknown who is ultimately to blame for the data failure. This kind of unprotected data can be found by threat actors in a matter of seconds, increasing the likelihood that people would fall victim to phishing attacks and identity theft.
Due to their often lack of proper checks and controls to guarantee that data isn’t sold to the wrong parties, the very presence of data brokers is already a subject of debate. The Cybernews study team stated that “leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks.”
It is necessary to mention that the Elasticsearch server requires a password, even though the final cause of the data failure is still unknown. Threat actors can locate this kind of exposed data in a matter of seconds, making it more likely that people will become victims of identity theft and phishing schemes.
The concept of data brokers itself is already an issue of debate because of their regular absence of proper checks and controls for making sure that data isn’t sold to the wrong parties. “Leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks,” according to the Cybernews study team.
Our researchers continued, “Since this is a new leak and the data was not processed and enriched by a third party from the 2019 leak, such an incident would show a high level of ignorance from the company regarding personal data security.”
Cybernews is awaiting a response from PDL after reaching out to them for comment.
If you think you could have been affected by the data leak, there are a few things you can do to lessen the damage.
Also read: Top 3 Workforce Management Companies in India You Should Know
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
