The PDL Data breach in brief
The PDL data breach was recently discovered by security researchers Vinny Troia and Bob Diachenko. 1.2 billion personal data records (totalling 4.2 terabytes) were freely accessible via an insecure server on the Deep Web. The source of part of this data set was traced to People Data Labs (PDL), a data broker based in San Francisco. PDL states that it has data on over 1.5 billion people for sale, including more than a billion email addresses and 400 million phone numbers.
What data was leaked in the PDL breach?
Data records included usernames, social media accounts, 622 million email addresses and 50 million unique phone numbers. Whilst the data set did not contain passwords or social security numbers, it did contain all the information necessary to impersonate someone.
“This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started,” stated Vinny Troia in a recent Wired article.
Data sets like this one are often used for criminal activity, including phishing, scamming and identity theft. However, the intention behind the data leak remains unclear, because the data was fully accessible with no payment required and with no links to an author. PDL has since claimed that the data was not obtained as a result of a breach but was instead likely resold or released by one of its customers.
The similarities to the LinkedIn Data Breach in 2016
Leaks like the PDL one are commonplace and they have existed since the internet was created. In 2016, 164 million account credentials were stolen from LinkedIn, including passwords that were leaked on the Deep Web.
The number of data breaches this year has exceeded that of 2018, and the individual leaks are growing. Troy Hunt, who runs the data exposure tracking service ‘HaveIBeenPwned’, observed that we are seeing more data than ever being circulated, from both new breaches and duplication of previous breaches.
The increase in data leaks is a result of the change in law which now requires companies to declare data leaks in line with the EU GDPR, as well as the proliferation of online data and ever-growing hacker abilities.
What is the difference between the Deep Web and the Dark Web?
The Deep Web is an area that is not accessible by the mainstream search engines, and it is where you can often find leaked data. The Dark Web is a part of the Deep Web that is linked to illegal activity.
The Deep Web was initially designed for the US secret service, so that they could access files without being detected. Unfortunately it has turned out to be a double-edged sword, as the very feature of untraceability which was invaluable to the military came to be used by criminals. Although this particular PDL data set has since been removed by the FBI, the researchers have no way of knowing whether anyone accessed the data set prior to its removal.
PDL Data breach – What to do if you are affected?
- Investigate what company information is available on the Dark Web. Infinity Group have a scanning tool that can crawl the Dark Web and list all company credentials available on there.
- Implement a strict password policy across the company.
- Undertake cyber security training to educate employees about the risks.
- Write your cyber security strategy, or review your existing one.
- Undertake a cyber security audit of your current setup and make improvements.
- Implement the relevant tools within your setup, e.g. Cisco firewalls.
- Achieve the Cyber Essentials framework: gain the certification to secure your business and demonstrate to your customers that you are committed to cyber security.