Security researchers have found a database with information about 1.2 billion people. The database does not contain sensitive data such as credit card numbers or passwords, but it does include information about the profiles these people have, as well as telephone numbers and e-mail addresses.
The database was found by researchers Bob Diachenko and Vinny Troia. They were searching Shodan for other information and stumbled upon the database by accident. It totals four terabytes and contains more than four billion user accounts belonging to 1.2 billion unique people. The records also contain fifty million unique telephone numbers and 622 million unique e-mail addresses. The data was on an Elasticsearch server hosted on Google Cloud. The researchers called in the FBI after their discovery, and the agency took the server offline shortly thereafter.
The data appears to come from four different databases that have been put together. Three of them are probably from People Data Labs, a data company from San Francisco. The company states on its website that it has a database of 1.5 billion unique users, and it sells that data to companies or advertisers. The fourth database is most likely from Oxydata. The now leaked database does not come from them, but probably from one of their customers. “The owner of this server has probably used one of our products in combination with other products,” the owner of People Data Labs told Wired. “As soon as a customer has access to our data, it is on their servers and those customers are responsible for its security.”
The large amounts of data are probably aggregated from social media profiles such as Twitter, Facebook, and LinkedIn. Data companies perform that kind of aggregation in order to resell the data to other companies, which can use it to create advertising profiles. With such data enrichment, buyers of the data set can find a lot of information about a person on the basis of only one or two records. A name or telephone number can then lead to all other known information about that person. According to the researchers, the data can easily be misused to commit identity fraud.
Huge databases have been turning up online recently. These are often created by combining several data sources. For example, in January a database appeared online with a total of more than 2.2 billion account names, including their passwords. These were merged from other large data breaches.