Google Cloud server left a billion people's data unsecured

database
(Image credit: Pixabay)
Audio player loading…

A security researcher recently discovered an unsecured database online which contained the personal information of 1.2bn users including their social media accounts, email addresses and phone numbers.

A majority of the data contained in the database was collected by a company called People Data Labs according to the CEO of Night Lion Security, Vinny Troia who first discovered it last month. 

People Data Labs provides its customers with easy access to work emails and social media account details of over 70 percent of the decision makers in the US, UK and Canada. The company scrapes this data from various sources online and on its website (opens in new tab), People Data Labs explains that it can even deliver this data straight to its customers, saying:

“A dataset of resume, contact, social, and demographic information for over 1.5 Billion unique individuals, delivered to you at the scale you need it. With just a few lines of code, you can begin enriching anywhere from dozens to billions of records with over 150 data points. If you don’t have the time, we can deliver the data straight to you via S3, SFTP, Google Drive, Elasticsearch.”

Unsecured database

The unprotected data was found on a Google Cloud server and while it was originally sourced by People Data Labs, one of the company's customers was responsible for leaving it unsecured.

The company's co-founder and CEO, Sean Thorne explained that some of the exposed data did come from it though he suspects that it was aggregated by another firm which was merging various data points.

Vinny Troia was conducting a routine scan for unprotected data online when he made the discovery of the four terabyte database, after which he notified the FBI. Troia explained that the information contained in this latest data dump could easily be leveraged by cybercriminals, saying:

“This is the first time ever that I’ve seen emails, names and numbers linked with Facebook, Twitter, LinkedIn and Github profiles all in one spot. There are no passwords related to this data, but having a new, fresh set of passwords isn’t that exciting anymore. Having all of this social media stuff in one place is a useful weapon and investigative tool.”

Via Bloomberg (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.