Subj : 170 million strong data leak traced to US data broker
To   : All
From : TechnologyDaily
Date : Mon Sep 02 2024 18:45:05

170 million strong data leak traced to US data broker

Date:
Mon, 02 Sep 2024 17:44:00 +0000

Description:
Large-scale data leak attributed to poorly protected Elasticsearch server, 
but no threat actor identified.

FULL STORY
======================================================================

 Cybernews researchers have uncovered a colossal data leak believed to be 
related to People Data Labs (PDL), a San Francisco-based data broker, 
containing over 170 million records. 

Breached data includes sensitive information like full names, phone numbers, 
emails, location, skills, professional summaries, education history and 
employment history, putting those affected at risk of identity theft . 

An unprotected Elasticsearch server has been identified as being responsible 
for the leak, discovered by the team on June 25, indicating that a third 
party may have been responsible for managing PDLs data. PDL data leak 
includes 170 million records 

Although an unknown threat actor is likely responsible for leaking the data, 
Cybernews has highlighted the poorly protected Elasticsearch server as a key 
vulnerability. 

The team summarized: The existence of data brokers is already a controversial 
issue, as they often have insufficient checks and controls to ensure that 
data doesnt get sold to the wrong parties. 

If the leak does indeed pertain to PDL, it wont be the first time the company 
has been associated with a leak. In October 2019, it was revealed that more 
than a billion records from the companys databases were exposed online, 
believed to have affected 622 million individuals. At the time, PDL said that 
it wasnt responsible for the leak. 

Cybernews continued: If this is a new leak, and not processed and enriched 
data from the 2019 leak by a third party, such an incident would show a high 
level of ignorance from the company regarding personal data security. 

Those who suspect they may have been affected together with anybody who has 
received any suspicious emails, or simply those wanting to maintain the 
highest levels of digital hygiene, should change their passwords regularly 
and use a trusted password manager , enable two-factor authentication and 
monitor their accounts. 

 TechRadar Pro has contacted People Data Labs to confirm its association with 
this leak, but we did not receive an immediate response. More from TechRadar 
Pro Check out the best VPN with antivirus Worried you mightve downloaded 
something dodgy? Heres the best malware removal National Public Data finally 
confirms it was hit by data breach  and that millions of users are at risk



======================================================================
Link to news story:
https://www.techradar.com/pro/security/170-million-strong-data-leak-traced-to-
us-data-broker


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.