collage of people's head shots (Photo: Shutterstock)

(Bloomberg) – A database aggregating 1.2 billion users' personal information, including social media accounts, email addresses and phone numbers, was discovered unprotected on a server last month. So far, it's not clear how it got there.

Most of the data was collected by a company called People Data Labs, said Vinny Troia, chief executive officer of Night Lion Security, which is based in St. Louis. People Data Labs provides work emails and social media account details for what the company claims is a billion and a half people. That data is scraped from various sources and sold as a way to contact "70%+ decision makers in the US, UK and Canada," according to the company's website.

The unprotected data didn't reside on a People Data Labs server, but rather was on a Google Cloud server, Troia said. Google didn't respond to a request for comment about who was renting the server.

Sean Thorne, People Data Labs' co-founder and chief executive officer, said some, but not all, of the data came from his company and that he suspects it was being aggregated by another firm merging various data points.

"We're committed to ensuring that our bulk data dumps are not exposed," People Data Labs says on its website. "We're extremely sensitive to this and have multiple white-hat partners who are searching the internet in an effort to find vulnerable data sets and clamp down on them before they are discovered by nefarious actors."

The discovery was previously reported by Wired.

Troia, who made the discovery in October during a routine scan for unprotected data, said he reported the four-terabyte trove and its location to the Federal Bureau of Investigation. The server has since been shut down, he said. The FBI didn't immediately respond to requests for comment.

Troia says he doesn't know who left the data on that server, saying it could be malicious hackers or People Data Labs' own customers. He said the discovery of social media accounts would be particularly valuable in the hands of criminal hackers or peddlers of misinformation.

"This is the first time ever that I've seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot," said Troia, who describes himself as a cybercrime hunter. "There are no passwords related to this data, but having a new, fresh set of passwords isn't that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool."

Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
