
Data Enrichment Exposure From PDL Customer

Summarized by PlexPage
Last Updated: 02 July 2021


Security researchers found an unprotected server that exposed 1.2 billion records of personal data, including email addresses, employers, locations, job titles, names, phone numbers and social media profiles, according to a notification sent Friday to people affected by the exposure. In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server, according to the email. The exposed data includes an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contains 622 million unique email addresses. The data had been aggregated by PDL, but the email added that PDL didn't own the server. Rather, customers likely failed to properly secure the database. PDL didn't immediately respond to a request for comment. The company's LinkedIn profile says it has a dataset of 1.5 billion unique person profiles to build products, enrich person profiles, power predictive modeling/AI, analysis, and more. PDL is based in San Francisco and mentions working with companies including eBay and Adidas as their engineering-focused people data partner.

* Please keep in mind that all text is machine-generated, we do not bear any responsibility, and you should always get advice from professionals before taking any actions.


Data Broker Sources

Data enrichment services take personally identifying information (email addresses or phone numbers, for example) and match it with broader profiles of individuals. That could be information about your education level, your religion or your interests. It's all calculated so organisations purchasing their services can know more about you, all the better to sell you things. On its website, PDL claims to have data about more than 1.5 billion people, including resume, contact, social, and demographic information. Troy Hunt, who runs Have I Been Pwned, says he's uncomfortable with the world of data brokers and data enrichment. In his view, many operate on different levels of shadiness, especially when it comes to how they build individual records. Some firms may purchase datasets from other companies that get permission to collect them, from online retailers, for example. Personal details could be gathered from Internet surveys that only disclose they share data in the fine print. Then, at what he calls the more dodgy end, information could be scraped from websites against their terms and conditions, from university websites that detail staff contact emails, for example. But there's another potential source: other data breaches that have already spilt volumes of sensitive data. "Think about Ashley Madison, and hey, it's available to download for free," Mr Hunt says. Plenty of data brokers and credit agencies have had data breaches in recent years. Most notably, the 2017 Equifax incident, in which Social Security numbers, birth dates and addresses of around 143 million Americans were stolen. "They've got all of this data," Mr Hunt says of the industry. "They very often don't protect it very well. Or they sell it to customers and then customers don't protect it very well."


The Open Elasticsearch Server

Personal information on over one billion individuals harvested by two data enrichment firms has been exposed online, according to security researchers. Data enrichment or aggregation providers effectively sell access to large stores of data merged from multiple third-party sources, primarily for companies to gain deeper insights into current and prospective customers. However, there are inevitable privacy risks attached to such practices, despite the efforts of aggregator firms themselves to keep their own data stores secure. In mid-October, Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing four billion user accounts across more than 4TB of data. The total count of unique people across all data sets reaches more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history. "The leaked data contains names, email addresses, phone numbers, LinkedIn and Facebook profile information," explained Vinny Troia, chief of threat intelligence at Data Viper. The discovered Elasticsearch server containing all of the information was unprotected and accessible via web browser at http://35.199.58.125:9200. No password or authentication of any kind was needed to access or download all of the data. The privacy snafu exposes around 622 million unique email addresses, mainly those associated with the data enrichment firm known as People Data Labs. The second source was identified by Troia as OxyData, and its data is an almost complete scrape of LinkedIn data. However, it is unclear who left the data exposed on the Elasticsearch server. Troy Hunt, who runs the HaveIBeenPwned breach notification site, says it highlights the real challenge at the heart of the data enrichment industry. "Regardless of how well these data enrichment companies secure their own system, once they pass data downstream to customers, it's completely out of their control.
My data, almost certainly your data too, is replicated, mishandled and exposed and there's absolutely nothing we can do about it. Well, almost nothing," he says. The privacy policy states that people may access any information we have on them and that they will reply to a person's request within five business days or delete it outright. It'll be interesting to see how that scales if even a very small slice of the 622M impacted individuals take them up on that offer.


Who is Accountable?

Customers of two data enrichment companies have exposed the data of around 1.2 billion people. The data was already available online, but its current utilization goes beyond the initial consent given by its owners. Aggregating it from multiple sources gives new value to this data and makes things easier for hackers. Researchers Vinny Troia and Bob Diachenko discovered an unprotected Elasticsearch server containing 4 terabytes of data that corresponds to billions of user accounts. After looking deeper into it, the researchers figured that the data sets correspond to about 1.2 billion people, exposing their names, email addresses, phone numbers, LinkedIn, and Facebook profile information. The discovery of this massive leak occurred on October 16, 2019; the database has now been added to Troy Hunt's HaveIBeenPwned platform, and affected users should have received an email already. The server, which was left online without the need for a password or any authentication, contained four data indexes labelled PDL and OXY. These correspond to the data enrichment companies People Data Labs and OxyData.io. These companies help businesses in their decision making and customer engagement by collecting massive amounts of publicly available data from multiple sources, merging it into a single data set, and refining it through cleansing and analysis. That said, the exposed data is private, but its combined value gives it a new character and level of worth. The researchers notified PDL about the issue, and the firm responded that the server in question does not belong to them. After some targeted API-based testing was carried out by the researchers, they were able to confirm that the leaked database originated from PDL. OxyData also responded by saying that the server does not belong to them either, but they did offer the researchers the option to access their API for testing purposes.
While the server does not belong to either firm, it was one of their customers who misused this data, and this created an unprecedented problem of attribution. Data enrichment companies claim that they are not accountable and that their data use policies place responsibility for following proper data security practices on their customers. However, they admit that they have no way to enforce these agreements, or even to thoroughly check how every single party uses the shared data. Most importantly, the exposed people who are victims of data aggregators are never asked for additional consent, and never get to know the purposes involved. The case is now in the hands of GDPR-enforcing authorities, the FBI, and all national data protection agencies, which should investigate and penalize the responsible parties. Dave Farrow, Senior Director of Information Security at Barracuda Networks, shared the following comment with TechNadu: "From the perspective of people whose information was part of this dump, this does qualify as a cut-and-dry data breach. This is an instance where a customer of a company has exposed the intellectual property of a vendor. Users of this type of data are often on the periphery, or maybe even acting independently of their companies' IT and security teams."


