A security researcher recently discovered an unsecured database online which contained the personal information of 1.2bn users including their social media accounts, email addresses and phone numbers.
A majority of the data contained in the database was collected by a company called People Data Labs according to the CEO of Night Lion Security, Vinny Troia who first discovered it last month.
People Data Labs provides its customers with easy access to work emails and social media account details of over 70 percent of the decision makers in the US, UK and Canada. The company scrapes this data from various sources online and on its website, People Data Labs explains that it can even deliver this data straight to its customers, saying:
“A dataset of resume, contact, social, and demographic information for over 1.5 Billion unique individuals, delivered to you at the scale you need it. With just a few lines of code, you can begin enriching anywhere from dozens to billions of records with over 150 data points. If you don’t have the time, we can deliver the data straight to you via S3, SFTP, Google Drive, Elasticsearch.”
While People Data Labs provided its customers with data on others, the company didn’t store this data on its own servers, instead it did so on a Google Cloud server.
The company’s co-founder and CEO, Sean Thorne explained that some of the exposed data did come from it but he also suspects that it was aggregated by another firm which was merging various data points. People Data Labs is currently working to secure the data dump and the firm has enlisted multiple white-hat partners to search the internet for other vulnerable data sets before they are discovered by cybercriminals.
Vinny Troia was conducting a routine scan for unprotected data online when he made the discovery of the four terabyte database, after which he notified the FBI. He is unsure as to who left the data on the Google Cloud server but he believes it could have been hackers or even People Data Labs’ own customers. Troia explained that the information contained in this latest data dump could easily be leveraged by cybercriminals, saying:
“This is the first time ever that I’ve seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot. There are no passwords related to this data, but having a new, fresh set of passwords isn’t that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool.”