Sign up with GoogleTokolotshe
Honorary Master
- Joined
- Apr 20, 2005
- Messages
- 12,213
Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet.
First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media sources like Facebook and LinkedIn, combined with names, personal and work email addresses, phone numbers, Twitter and Github URLs, and other data commonly available from data brokers – i.e., companies which specialize in supporting targeted advertising, marketing and messaging services.
Taken together, the profiles provide a 360-degree view of individuals, including their employment and education histories. All of the information was unprotected, with no login needed to access it.
“it is a comprehensive dataset collected from B2B [business-to-business] lead-generation companies’ lists,” Diachenko told Threatpost via Twitter.
If accessed by cybercriminals, the data, which includes scores of related accounts tied to each individual, could be used for highly effective, targeted phishing attacks, business email compromises and identity theft, among other things.
....
threatpost.com
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet.
First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes of data. It consists of scraped information from social media sources like Facebook and LinkedIn, combined with names, personal and work email addresses, phone numbers, Twitter and Github URLs, and other data commonly available from data brokers – i.e., companies which specialize in supporting targeted advertising, marketing and messaging services.
Taken together, the profiles provide a 360-degree view of individuals, including their employment and education histories. All of the information was unprotected, with no login needed to access it.
“it is a comprehensive dataset collected from B2B [business-to-business] lead-generation companies’ lists,” Diachenko told Threatpost via Twitter.
If accessed by cybercriminals, the data, which includes scores of related accounts tied to each individual, could be used for highly effective, targeted phishing attacks, business email compromises and identity theft, among other things.
....
Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
threatpost.com
