Misconfiguration exposes suspected People Data Labs data

Cybernews reports that San Francisco-based data broker People Data Labs may have had more than 170 million sensitive records leaked as a result of an unsecured Elasticsearch server managed by a third party.

Included in the exposed dataset labeled "PDL" were individuals' full names, email addresses, phone numbers, location data, professional summaries, and skills, as well as education and employment histories, according to Cybernews researchers, who noted the impact of such a breach on PDL's reputation whether or not it is related to the firm's leak of over a billion records five years ago. "The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties. Leaking large segments of their datasets makes it easier and more convenient for threat actors to abuse the data for large-scale attacks," said researchers, who called on individuals whose data may have been exposed to be vigilant of phishing intrusions and suspicious account activity, seek data removal services, leverage robust credentials, and implement two-factor authentication.