Data Broker At Center of Data Leak Involving 170 Million Records

Data broker People Data Labs (PDL) appears to be at the center of a massive data breach, one that has exposed at least 170 million records....
Data Broker At Center of Data Leak Involving 170 Million Records
Written by Matt Milano
  • Data broker People Data Labs (PDL) appears to be at the center of a massive data breach, one that has exposed at least 170 million records.

    Cybernews reports that its research team found a dataset online that contained more than 170 million records. The dataset was exposed via an unprotected Elasticsearch server, although it was not directly connected PDL. As a result, the leak could be the result of a mishandled server from one of PDL’s partner companies.

    The leaked data includes:

    • Full names
    • Phone numbers
    • Emails
    • Location data
    • Skills
    • Professional summaries
    • Education background
    • Employment history

    Unfortunately, this is not the first time PDL has been involved in a data leak. As Cybernews reports, PDL suffered a data leak of more than a billion records in 2019. Interestingly, that data breach was also the result of an unprotected Elasticsearch, raising the possibility that this latest breach could be a subset of data from the original 2019 breach.

    As the outlet points out, the breach brings increased scrutiny on the data broker industry.

    “The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties. Leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks,” said the Cybernews research team.

    Unlike the EU, the US lacks comprehensive privacy legislation, meaning data brokers are not nearly as regulated as on the other side of the Atlantic. As a result, users’ data—as well as their privacy—continues to be collected, saved, bartered, sold, used, and abused.

    While a data breach is never a good thing, hopefully it will add to the growing chorus of users, lawmakers, and critics who want more oversight of such companies.

    Get the WebProNews newsletter delivered to your inbox

    Get the free daily newsletter read by decision makers

    Subscribe
    Advertise with Us

    Ready to get started?

    Get our media kit