A single leak exposed information from more than 1.2 billion people in the past month, according to data revealed by cybersecurity company DataViper last Friday (22). It is likely that the information, available on an open server on the Internet, was initially aggregated by two data enrichment companies. The leak includes accounts on social networking sites, in addition to email addresses and phone numbers, and can be considered the largest in history among those coming from a single source.
READ: SP government website leaks documents from 28,000 people
According to DataViper researchers Bob Diachenko and Vinny Troia, the information comes from a total of 4 billion individual data sets, archived in more than 4 TB of storage. Within these files, available on an open Elasticsearch server, which contained the information of 1.2 billion people, completely unprotected, there was no need to enter any password, nor any authentication request to access them.
Data leak expe phone and e-mail of 1.2 billion people Photo: Pond5
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
Diachenko and Troia noted that most of the data had indexes labeled "pdl" and "oxy". The initials point to data enrichment companies People Data Labs and Oxydata, which provide corporate e-mails and detailed information on profiles on social networks to leverage commercial actions. When contacted by Data Viper to comment on the case, they said they do not have the servers.
The leaked information includes names, e-mail addresses, telephone numbers, as well as account data on social networks such as Facebook and LinkedIn, which comprises the person's professional history.
In the end, the researchers were unable to determine, in fact, who is responsible for the leak, since the cloud service provider that hosts the server does not share any information about its customers for privacy reasons. It is suspected, however, that the information came from a customer of these data enrichment companies.
How do I know if my data has been exposed?
To find out if you were a victim of this new leak, visit tools like Mozilla's Have I Been Pwned or Firefox Monitor. The services cross-check e-mails reported by the user with public databases of stolen information to warn if their credentials may be in the hands of criminals.
Via Data Viper and Android Police
Does Facebook listen to user conversations? Ask questions in the TechTudo forum.
What ransomware: five tips to protect yourself