(Photo: Shutterstock)
(Bloomberg) –A database aggregating 1.2 billion users' personal information, including social media accounts, email addresses and phone numbers, was discovered unprotected on a server last month. So far, it's not clear how it got there.
Most of the data was collected by a company called People Data Labs, said Vinny Troia, chief executive officer of Night Lion Security, which is based in St. Louis. People Data Labs provides work emails and social media account details for what the company claims is a billion and a half people. That data is scraped from various sources and sold as a way to contact "70%+ decision makers in the US, UK and Canada," according to the company's website.
The unprotected data didn't reside on a People Data Labs' server, but rather was on a Google Cloud server, Troia said. Google didn't respond to a request for comment about who was renting the server.
Sean Thorne, People Data Labs' co-founder and chief executive officer, said some, but not all, of the data came from his company and suspects it was being aggregated by another firm merging various data points.
"We're committed to ensuring that our bulk data dumps are not exposed," People Data Labs says on its website. "We're extremely sensitive to this and have multiple white-hat partners who are searching the internet in an effort to find vulnerable data sets and clamp down on them before they are discovered by nefarious actors."
The discovery was previously reported by Wired.
Troia, who made the discovery in October during a routine scan for unprotected data, said he reported the four terabyte trove and its location to the Federal Bureau of Investigation. The server has since been shut down, he said. The FBI didn't immediately responded to requests for comment.
Troia says he doesn't know who left the data on that server, saying it could be malicious hackers or People Data Labs' own customers. He said the discovery of social media accounts would be particularly valuable in the hands of criminal hackers or peddlers of misinformation.
"This is the first time ever that I've seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot," said Troia, who describes himself as a cybercrime hunter. "There are no passwords related to this data, but having a new, fresh set of passwords isn't that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool."
READ MORE:
- Benefits pros: Avoid becoming collateral damage in a cyberattack
- How do cyber threats impact public entities?
- 5 cybersecurity threats
Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
