A database that aggregated 1.2 billion people’s personal data, which included email addresses, phone numbers and social media accounts, was discovered on an unprotected server in October, according to a report by Bloomberg.
The information was discovered on a Google Cloud server, according to Vinny Troia, chief executive officer of Night Lion Security, and was collected by a company called People Data Labs. The data was scraped from places across the web and sold to “70 percent+ decision-makers in the U.S., U.K. and Canada,” according to its website.
People Data Labs’ Co-founder and CEO Sean Thorne said some of the exposed information was from his company, but he also suspects that another company was aggregating the data from multiple sources.
“We’re committed to ensuring that our bulk data dumps are not exposed,” People Data Labs said on its website. “We’re extremely sensitive to this and have multiple white-hat partners who are searching the internet in an effort to find vulnerable data sets and clamp down on them before they are discovered by nefarious actors.”
Troia found the problem when scanning for unprotected data in October and reported the issue to the FBI. He said the server has since been deactivated. Troia added that he had no idea who left the unprotected data on the server, whether it was hackers with ill intent or customers of People Data Labs. If criminals wanted to use the data, he said, the social media accounts would be especially valuable.
“This is the first time ever that I’ve seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot,” said Troia. “There are no passwords related to this data, but having a new, fresh set of passwords isn’t that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool.”
