A significant data leak involving over 170 million records has been traced to a US data broker, raising serious concerns about data security and privacy.
The breach was uncovered by Cybernews researchers and involves sensitive information, putting millions at risk of identity theft.
The Discovery of the Data Leak
Cybernews researchers have recently unveiled a massive data leak that can be traced back to a San Francisco-based data broker, People Data Labs (PDL). This leak, consisting of over 170 million records, has raised significant concerns about data security and privacy.
The exposed data includes highly sensitive information such as full names, phone numbers, emails, locations, skills, professional summaries, education history, and employment history. This breadth of exposed data poses a substantial risk of identity theft for the individuals involved.
The Unprotected Elasticsearch Server
The root cause of this breach has been identified as an unprotected Elasticsearch server. The server was discovered by the Cybernews team on June 25, leading to suspicions that a third party was managing PDL’s data storage systems.
This vulnerability comes as no surprise to some, given that data brokers often grapple with issues related to data security. “The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties,” Cybernews noted.
A History of Data Leaks
This is not the first time PDL has been implicated in a data breach. Back in October 2019, the company was linked to another significant leak that exposed more than a billion records, affecting around 622 million individuals.
At that time, PDL denied responsibility for the breach, asserting that it was not accountable for the leaked data. However, the repeated incidents of data exposure have raised serious questions about the company’s commitment to data security.
Cybernews stated: “If this is a new leak, and not processed and enriched data from the 2019 leak by a third party, such an incident would show a high level of ignorance from the company regarding personal data security.”
Preventive Measures for Affected Individuals
Individuals who suspect that their data may have been compromised should take immediate action to safeguard their information. It is advisable to change passwords regularly and use a trusted password manager to keep track of credentials.
Additionally, enabling two-factor authentication and closely monitoring account activities can provide an extra layer of security. These measures can help mitigate the risk of unauthorized access and potential identity theft.
Contacting People Data Labs
Despite attempts to reach People Data Labs for confirmation regarding their association with the recent leak, no immediate response was received. This lack of communication has only added to the concerns surrounding the company’s practices.
The silence from People Data Labs is unsettling for many, as transparency and prompt communication are crucial in managing the fallout from such breaches.
Implications for Data Brokers
The recent leak underscores the need for stricter regulations and stronger security measures for data brokers. Ensuring that sensitive information is adequately protected should be a top priority for these entities.
Legislative actions and industry guidelines must evolve to address the growing complexities of data security. Protecting consumer data is not just a regulatory requirement but an ethical responsibility for all data-handling entities.
Conclusion
The recent data leak involving People Data Labs is a stark reminder of the vulnerabilities that exist in data storage and management.
As more incidents of this nature come to light, the need for robust security measures and regulatory oversight becomes increasingly evident.
The recent data leak involving People Data Labs is a stark reminder of the vulnerabilities that exist in data storage and management.
As more incidents of this nature come to light, the need for robust security measures and regulatory oversight becomes increasingly evident.
Source: Techradar