170 million data breaches traced to US data broker
Cyber News Researchers have discovered a massive data breach believed to be linked to People Data Labs (PDL), a San Francisco-based data broker, that contains more than 170 million records.
The leaked data includes sensitive information such as full names, phone numbers, email addresses, locations, skills, professional summaries, education history, and employment history, putting those affected at risk of identity fraud.
The leak was discovered by the team on June 25 on an unprotected Elasticsearch server, indicating that a third party may be responsible for managing PDL’s data.
PDL data breach involves 170 million records
While an unknown threat actor is likely responsible for the data leak, Cybernews has identified the poorly secured Elasticsearch server as a key vulnerability.
The team sums it up as follows: “The existence of data brokers is already a controversial topic, as they often lack sufficient checks and controls to ensure data is not sold to the wrong parties.”
If the breach does indeed involve PDL, it wouldn’t be the first time the company has been linked to a breach. In October 2019, it was revealed that more than a billion records from the company’s databases had been exposed online, reportedly affecting 622 million people. PDL said at the time that it wasn’t responsible for the breach.
Cybernews continued: “If this is a new breach, and not processed and enriched data from the 2019 breach by a third party, then such an incident would demonstrate a high level of ignorance on the part of the company regarding the security of personal data.”
People who suspect they may be infected, or who have received suspicious emails, or who simply want to keep their digital hygiene as optimal as possible, should change their passwords regularly and use a reliable password manager. They should also enable two-factor authentication and monitor their accounts.
TechRadar Pro has reached out to People Data Labs to ask if they are involved in this breach, but we have not yet received a response.