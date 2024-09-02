Cybernews researchers have uncovered a colossal data leak believed to be related to People Data Labs (PDL), a San Francisco-based data broker, containing over 170 million records.

Breached data includes sensitive information like full names, phone numbers, emails, location, skills, professional summaries, education history and employment history, putting those affected at risk of identity theft.

An unprotected Elasticsearch server has been identified as being responsible for the leak, discovered by the team on June 25, indicating that a third party may have been responsible for managing PDL’s data.

PDL data leak includes 170 million records

Although an unknown threat actor is likely responsible for leaking the data, Cybernews has highlighted the poorly protected Elasticsearch server as a key vulnerability.

The team summarized: “The existence of data brokers is already a controversial issue, as they often have insufficient checks and controls to ensure that data doesn’t get sold to the wrong parties.”

If the leak does indeed pertain to PDL, it won’t be the first time the company has been associated with a leak. In October 2019, it was revealed that more than a billion records from the company’s databases were exposed online, believed to have affected 622 million individuals. At the time, PDL said that it wasn’t responsible for the leak.

Cybernews continued: “If this is a new leak, and not processed and enriched data from the 2019 leak by a third party, such an incident would show a high level of ignorance from the company regarding personal data security.”

Those who suspect they may have been affected together with anybody who has received any suspicious emails, or simply those wanting to maintain the highest levels of digital hygiene, should change their passwords regularly and use a trusted password manager, enable two-factor authentication and monitor their accounts.

TechRadar Pro has contacted People Data Labs to confirm its association with this leak, but we did not receive an immediate response.