A single leak exposed information from more than 1.2 billion people in the past month, according to data released by cybersecurity company DataViper last Friday (22). It is likely that the information, available on an open server on the Internet, was initially aggregated by two data enrichment companies. The leak includes accounts on social networking sites, as well as email addresses and phone numbers, and could be considered the largest in history among those from a single source.
According to DataViper researchers Bob Diachenko and Vinny Troia, the information comes from a total of 4 billion individual data sets, archived in more than 4 TB of storage. These files sat on an open Elasticsearch server and contained the information of the 1.2 billion people, completely unprotected: accessing them required no password and no authentication of any kind.
Diachenko and Troia noted that most of the data had indexes labeled "pdl" and "oxy". The initials point to the data enrichment companies People Data Labs and Oxydata, which supply corporate e-mail addresses and detailed information on social media profiles to support commercial campaigns. When asked by Data Viper to comment on the case, both said the servers were not theirs.
The leaked information includes names, e-mail addresses, telephone numbers, and account data from social networks such as Facebook and LinkedIn, including the person's professional background.
In the end, the researchers were unable to determine who is actually responsible for the leak, since the cloud service provider that hosts the server does not share any information about its customers for privacy reasons. The suspicion, however, is that the information came from a customer of these data enrichment companies.
How do I know if my data has been exposed?
To find out if you were a victim of this new leak, use tools like Have I Been Pwned or Mozilla's Firefox Monitor. These services cross-check the user's e-mail addresses against public databases of stolen information and warn if their credentials may be in the hands of criminals.
Via Data Viper and Android Police