Cyber Security

The PDL Data Breach – How secure is your data?

11th Dec 2019 | 4 min read

The PDL Data Breach – How secure is your data?

The PDL Data breach in brief

The People Data Labs PDL Data breach was first discovered by Security Researchers, Vinnie Troia and Bob Diachenko in October 2019. 1.2 billion personal data records (totalling 4.2 terabytes) were freely accessible via an insecure server on the Dark Web. The source of part of this data set was traced to People Data Labs (PDL), a data broker based in San Francisco. PDL lists that it has over 1.5 billion people’s data for sale including more than a billion email addresses and 400 million phone numbers.

What data was leaked in the PDL breach?

The PDL Data breach shared data records included usernames, social media accounts, 622 million email addresses and 50 million unique phone numbers. Whilst the data set did not contain passwords or social security numbers, it does have all the information necessary to impersonate someone.

“This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.” Stated Vinnie Troia in a recent Wired article

Data sets like this one are often used for criminal activity including: phishing, scamming and identity theft. However, the intention of the data leak remains unclear, because this data was fully accessible with no payment required and with no links to an author and PDL has since claimed that the data was not obtained as a result of a breach but instead was likely resold or released by one of their customers.

What is the difference between the Deep Web and the Dark Web?

The Deep Web is an area that is not accessible by the main stream search engines where you can often find leaked data. The Dark Web is a website within the Deep Web that is linked to illegal activity.

The Deep Web was initially designed for the US secret service, so that they could access files without being detected. Unfortunately it has turned out to be a double-edged sword as the very feature of un-traceability which was invaluable to the military became used by criminals. Although the PDL particular data set has since been removed by the FBI, the researchers have no way of knowing if anyone accessed the data set prior to its removal.

Dark Web Report | Infinity Group

The similarities to the LinkedIn Data Breach in 2016

Leaks like the PDL one are commonplace and they have existed since the internet was created. In 2016, 164 million account credentials were stolen from LinkedIn, including passwords that were leaked on the Deep Web.

The number of data breaches this year have exceeded 2018. And the individual leaks are growing. Troy Hunt, who runs data tracking exposure service ‘HaveIBeenPwned’ observed that we are seeing more data than ever being circulated, from both new breaches and duplication of previous breaches.

The increase in data leaks is a result of the change of law which now requires companies to declare data leaks in line with the EU GDPR Regulation, as well as the proliferation of the amount of online data available and every growing hacker abilities.

PDL Data breach – What to do if you are affected?

  1. Investigate what company information is available on the Dark Web. Please contact us to arrange your Dark Web report for your company.
  2. Implement a strict password policy across the company
  3. Undertake Cyber Security Training to educate employees of the risks
  4. Write your cyber security strategy/ review your existing
  5. Undertake a cyber security audit of your current setup – make improvements
  6. Implement the relevant tools within your setup– eg. Cisco Firewalls
  7. Achieve the Cyber Essentials framework – gain the certification to secure your business and demonstrate to your customers that you are committed to Cyber Security.

If you would like to find out more about our Dark Web monitoring, Cyber Essentials Certifications or require specialist IT Consultancy please get in touch.

Related blogs you may find useful

We would love to hear from you

Our specialist team of consultants look forward to discussing your requirements in more detail and we have three easy ways to get in touch.

Call us: 03301913473
Complete our contact form
LiveChat now: via the pop up

Related Content

5 tips for better business network security
Cyber Security

5 tips for better business network security

With technology now sewn in the fabric of everyday life – in both personal and business settings &...

5 Tips to Improve Cybersecurity for Your Business in 2021
Cyber Security

5 Tips to Improve Cybersecurity for Your Business in 2021

The changes in our technology landscape have been significantly altered by the pandemic, however, de...

10 tips when choosing a Cyber Security partner_
Cyber Security

10 tips when choosing a Cyber Security partner_

Why use a Cyber Security Partner? Security teams who were already challenged to keep up with the cha...

We would love
to hear from you_

Our specialist team of consultants look forward to discussing your requirements in more detail and we have three easy ways to get in touch.

Call us: 03454504600
Complete our contact form
Live chat now: Via the pop up

Feefo logo