Security researchers have found an unprotected server storing 1.2 billion records of personal data to be exposed. People’s email addresses, employers, locations, job titles, names, phone numbers and social media profiles all compromised.
“In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server,” the email to affected users said Friday. “The exposed data included an index indicating it was sourced from data enrichment company People Data Labs and contained 622 million unique email addresses.”
The data had been aggregated by PDL, but the email added PDL did not own the server; rather, a customer likely “failed to properly secure the database.”
The breach was dated Oct. 16.
PDL didn’t immediately respond to a request for comment. The company’s LinkedIn profile says it has a “dataset of 1.5 billion unique person profiles to build products, enrich person profiles, power predictive modeling/AI, analysis, and more.”
It’s based in San Francisco and mentions working with companies including eBay and Adidas “as their engineering focused people data partner.”