Researchers Uncover a 1.2 Billion “Enriched” Account Data Leak

Security researchers have uncovered a rather large data leak recently. Over 1.2 billion people have been affected by it.

If anyone ever tells you that cloud computing is secure, one of the only appropriate responses is to say that they are clearly on another planet. Stop us if you heard this one before: a mal-configured elasticsearch server has been discovered to be leaking the personal information of a large number of people. Indeed, the failure of cloud computing to secure personal information? Must be a day that ends in a “Y”.

In this instance, however, the number of people affected is quite significant. To date, the single largest security incident we’ve been able to report on is the Aadhaar data breach which saw 1 billion people exposed. In terms of number of people, this breach eclipses that number by 200 million.

As for the data, it was apparently legitimately scraped from other sites from the open Internet. The database itself weighs in at 4 terabytes. The information was pulled from sites like Facebook, LinkedIn, GitHub, Twitter, and many other sources. That information was then stored on the server with no login credentials needed to access.

More from ThreatPost:

“it is a comprehensive dataset collected from B2B [business-to-business] lead-generation companies’ lists,” Diachenko told Threatpost via Twitter.

If accessed by cybercriminals, the data, which includes scores of related accounts tied to each individual, could be used for highly effective, targeted phishing attacks, business email compromises and identity theft, among other things.

“Information like this is extremely useful to criminals as a starting point in hacking a number of related accounts and also lends itself the potential for increased credential stuffing attacks,” Carl Wearn, head of e-crime at Mimecast, said via email. “This information obviously also provides a fantastic treasure trove of information for the means of industrial, political and state-related espionage and there are multiple malicious uses for the data leaked from this breach.”

For affected consumers, remediation is no picnic, either.

“Data breaches that expose information such as phone numbers to personal accounts like email or social accounts are just as serious as ones that expose payment information,” Zack Allen, director of threat operations at ZeroFOX, told Threatpost. “Luckily for payment information, you can change your credit card, or your password to your accounts. But what can victims of this breach do when their phone number and Facebook profile is leaked? Changing your phone number can cost money with your carrier, you also have to update all of your contacts with your new phone number, plus all of your two-factor accounts.”

The article goes on to say that the data appears to originate from 2 lead generation companies: People Data Labs (PDL) and OxyData[.]io. The researchers contacted the two companies and both said they have nothing to do with the server leaking the data.

Since the story broke, the server in question has been secure. It is unclear who owned and operated the server in question.

Drew Wilson on Twitter: @icecube85 and Facebook.



1 Trackback or Pingback

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.