1. News
  2. Cybersecurity News

Dark web researchers find massive trove of exposed data affecting 1.2 billion people

The information was found on an unsecured server where anyone could access it

Photo (c) anyaberkut - Getty Images
Dark web researchers Bob Diachenko and Vinny Troia recently found a massive collection of data that had been left exposed on an unsecured server. In total, data belonging to around 1.2 billion people was found on the server, Troia reported on DataViper. 

The information belonged to consumers in Canada, the U.K., and the U.S. and included phone numbers and social media profiles. Social Security numbers, passwords, and credit card numbers were not found. 

The researchers said the leak is unique because of the fact that the data sets appear to have come from two different data enrichment companies: People Data Labs (PDL) and OxyData.io. The OxyData.io data “revealed an almost complete scrape of LinkedIN data, including recruiter information” while the PDL data accounted for a majority of the exposed data.

“This is an incredibly tricky and unusual situation,” Troia wrote. “The lion’s share of the data is marked as ‘PDL’, indicating that it originated from People Data Labs. However, as far as we can tell, the server that leaked the data is not associated with PDL.” 

Difficulty attributing ownership

PDL cofounder Sean Thorne told WIRED that his company doesn't own the server that hosted the exposed data. He said the owner of the server “likely used one of our enrichment products, along with a number of other data enrichment or licensing services.” 

OxyData also denied ownership of the data. Troia said he believes both claims. Neither firm dismissed the possibility that one of its customers mishandled their data. Troia concluded that the quantity of exposed information, paired with the difficulty in determining who is accountable for the exposure, raises several questions.

“Due to the sheer amount of personal information included, combined with the complexities identifying the data owner, this has the potential to raise questions on the effectiveness of our current privacy and breach notification laws,” he said. 

Take an Identity Theft Quiz. Get matched with an Authorized Partner.