Cyber Essentials 2022 Major Updates Businesses Need to Know
Cyber Essentials is a government backed scheme which was launched in 2014 to allow enterprises to protect themselves against cyber-attacks. It shields businesses within various
The People Data Labs PDL Data breach was first discovered by Security Researchers, Vinnie Troia and Bob Diachenko in October 2019. 1.2 billion personal data records (totalling 4.2 terabytes) were freely accessible via an insecure server on the Dark Web. The source of part of this data set was traced to People Data Labs (PDL), a data broker based in San Francisco. PDL lists that it has over 1.5 billion people’s data for sale including more than a billion email addresses and 400 million phone numbers.
The PDL Data breach shared data records included usernames, social media accounts, 622 million email addresses and 50 million unique phone numbers. Whilst the data set did not contain passwords or social security numbers, it does have all the information necessary to impersonate someone.
“This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.” Stated Vinnie Troia in a recent Wired article
Data sets like this one are often used for criminal activity including: phishing, scamming and identity theft. However, the intention of the data leak remains unclear, because this data was fully accessible with no payment required and with no links to an author and PDL has since claimed that the data was not obtained as a result of a breach but instead was likely resold or released by one of their customers.
The Deep Web is an area that is not accessible by the main stream search engines where you can often find leaked data. The Dark Web is a website within the Deep Web that is linked to illegal activity.
The Deep Web was initially designed for the US secret service, so that they could access files without being detected. Unfortunately it has turned out to be a double-edged sword as the very feature of un-traceability which was invaluable to the military became used by criminals. Although the PDL particular data set has since been removed by the FBI, the researchers have no way of knowing if anyone accessed the data set prior to its removal.
Leaks like the PDL one are commonplace and they have existed since the internet was created. In 2016, 164 million account credentials were stolen from LinkedIn, including passwords that were leaked on the Deep Web.
The number of data breaches this year have exceeded 2018. And the individual leaks are growing. Troy Hunt, who runs data tracking exposure service ‘HaveIBeenPwned’ observed that we are seeing more data than ever being circulated, from both new breaches and duplication of previous breaches.
The increase in data leaks is a result of the change of law which now requires companies to declare data leaks in line with the EU GDPR Regulation, as well as the proliferation of the amount of online data available and every growing hacker abilities.
If you would like to find out more about our Dark Web monitoring, Cyber Essentials Certifications or require specialist IT Consultancy please get in touch.
Cyber Essentials is a government backed scheme which was launched in 2014 to allow enterprises to protect themselves against cyber-attacks. It shields businesses within various
In March 2020, the UK along with the rest of the world was placed in lockdown due to Covid 19. Businesses sent staff home and
In the traditional IT world, the edge of an organisation’s network, or rather it’s firewalls, were considered the perimeter and everything that occurred within the
There is no doubt that the financial sector has become the most prevalent target for cyber security attacks over the last few years. The COVID-19