Another 1.2 Billion Unsecured Records Exposed by Analysts in Latest Data Breach

Two security researchers (Vinny Troia and Bob Diachenko) recently discovered an unsecured server that contained 1.2 Billion records of Personally-Identifying Information (PII) online. Where the data originated from and who aggregated it isn’t immediately clear, but the researchers found the information was readily available and contained over 4 TB of data.

Hundreds of Millions of People Affected

Although the dataset didn’t include any financial information like credit cards, passwords, or social security numbers, it did contain social media profiles for Twitter, Facebook, LinkedIn, and Github. There’s also work histories probably scraped from LinkedIn along with 50 million phone numbers and 622 million email addresses, all of which are unique.

Even without any financial information, the data allows hackers and bad actors to break into accounts or impersonate individuals. In certain circumstances, it may be enough information for hackers to access accounts and steal money. For the last decade, trading in data on the black market continued to increase with criminals buying and selling more and more information every year.

Breaches Remain on the Rise

Troia and Diachenko also discovered another 809 million records were left unsecured by a firm called in March this year. Compared to 2018, data exposures like these were up significantly in the first quarter of 2019, with the latest breach just adding to those numbers. Troia’s personal repository of exposed datasets grew from 4 billion in 2017 to 13 billion after this breach.

There’s been a significant increase in the number of records available to hackers and cybercriminals on the dark web. Troia’s firm, Data Viper, provides threat intelligence services and used the records for tracking and scanning incidents of breaches, but also provided the records to the HaveIBeenPwned network.

What’s the Difference Between the Latest Exposure and Previous Ones?

What surprised Troia with this exposure is in the way the owner curated the information. This dataset is different in that it wasn’t a random dump of records for criminals to reference, but instead, already aggregated with all related information readily available. According to Troia, the data seems to be a combination of four distinct datasets. Three of these included labels from a data brokerage firm based in San Francisco called People Data Labs.

Luckily, it appears that hackers didn’t breach the firm’s systems. Troia also thinks it would be easier for the criminals to purchase the data directly from the company or make use of a data-enrichment service offered by several companies to extract the information over time.

The final dataset came with the label “OXY”, which may point to the Wyoming-based broker Oxydata. However, the company denies experiencing any breach or using that label in their datasets.

Check If You’re Impacted on HaveIBeenPwned

The HaveIBeenPwned network already injected the 622 million email addresses and connected information to the service. If you’re concerned, you can use the HaveIBeenPwned service to verify if your email or any other information was included in the latest exposure.

With the continual rise in cybercrime’s popularity, every user should remain vigilant and ensure they protect all personal information. Unfortunately, with so much information already existing online, more and more hackers employ automation tools to collect and curate public information into specialized repositories.

If you need any assistance with your firm’s cybersecurity and threat detection systems, reach out to Al Harris for a comprehensive assessment of your current data security practices and policies.