In the last few years, there has been a surge in the number of data breaches. This is, of course, a major concern for consumers. And as the cases continue to appear, dark web researchers Bob Diachenko and Vinny Troia have announced a huge collection of data online.
The report, whist was published on Data Viper, they found that the data, which belongs to around 1.2 billion US, UK, and Canadian consumers, had been left fully exposed on an unsecured online server.
Among the information that was found, there was personal information including social media profiles and phone numbers. However, at this stage, no financial information – such as passwords, credit card numbers, bank details, or social security numbers – was found.
According to the researchers, what makes this case more unique than previous cases is that the data appears to be from two different data enrichment companies. These companies are People Data Labs (PDL) and OxyData.io.
PDL data was found to OxyData.io data “revealed an almost complete scrape of LinkedIN data, including recruiter information”. On the other hand, PDL data is believed to be responsible for most of the exposed data that was recovered.
Sean Thorne, PDL cofounder, said in an interview that the firm doesn’t own the server holding the data. He added that the owner of the server is “likely used one of our enrichment products, along with a number of other data enrichment or licensing services.”
Additionally, OxyData, the other company involved, said it didn’t own any of the data found. Vinny Troia says he believes both of the companies and that, considering how much information was exposed, it would be very difficult to determine who is responsible.
He wrote, “The lion’s share of the data is marked as ‘PDL’, indicating that it originated from People Data Labs. However, as far as we can tell, the server that leaked the data is not associated with PDL.”
“Due to the sheer amount of personal information included, combined with the complexities identifying the data owner, this has the potential to raise questions on the effectiveness of our current privacy and breach notification laws,” he added.