Google Cloud server left a billion people’s data unsecured

A security researcher recently discovered an unsecured database online which contained the personal information of 1.2bn users including their social media accounts, email addresses and phone numbers.

A majority of the data contained in the database was collected by a company called People Data Labs according to the CEO of Night Lion Security, Vinny Troia who first discovered it last month. 

People Data Labs provides its customers with easy access to work emails and social media account details of over 70 percent of the decision makers in the US, UK and Canada. The company scrapes this data from various sources online and on its website, People Data Labs explains that it can even deliver this data straight to its customers, saying:

“A dataset of resume, contact, social, and demographic information for over 1.5 Billion unique individuals, delivered to you at the scale you need it. With just a few lines of code, you can begin enriching anywhere from dozens to billions of records with over 150 data points. If you don’t have the time, we can deliver the data straight to you via S3, SFTP, Google Drive, Elasticsearch.”

Unsecured database

The unprotected data was found on a Google Cloud server and while it was originally sourced by People Data Labs, one of the company’s customers was responsible for leaving it unsecured.

The company’s co-founder and CEO, Sean Thorne explained that some of the exposed data did come from it though he suspects that it was aggregated by another firm which was merging various data points.

Vinny Troia was conducting a routine scan for unprotected data online when he made the discovery of the four terabyte database, after which he notified the FBI. Troia explained that the information contained in this latest data dump could easily be leveraged by cybercriminals, saying:

“This is the first time ever that I’ve seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot. There are no passwords related to this data, but having a new, fresh set of passwords isn’t that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool.”

Via Bloomberg

Source

Be the first to comment

Leave a Reply

Your email address will not be published.


*


10 + five =