In 2019 two Security Researchers called Vinny Troia and Bob Diachenko first uncovered the PDL Data breach, and found that over a billion personal data records were easily accessible via an insecure server on the Dark Web. Part of the data in this breach was traced to People Data Labs of San Francisco (hence the acronym PDL), which is a data company that holds huge amounts of personal data for sale including more than a billion email addresses and phone numbers.
The information disseminated by the PDL Data breach contained records including usernames, social media accounts, email addresses and phone numbers. Fortunately, the data set did not contain passwords or national insurance numbers but the sheer volume of personal data made available on the Dark Web would make it easy for malicious actors to impersonate someone.
In an article for Wired, Troia said, “This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.”
These sorts of data sets can be used by criminals for various activities such as phishing, spear-phishing, scamming, account takeovers and identity theft. Interestingly however, the intention of the PDL Data breach remains unclear, as this data was openly made available and accessible at no charge, and no individual or group laid claim to the breach. For their part PDL has claimed that the data was not obtained as a result of a security breach but was possibly posted by one of their customers.
Data leaks unfortunately happen relatively frequently, and unlike the PDL Data breach can be far more serious in execution, content or cost. For example, in 2016, 164 million LinkedIn account credentials were stolen, and in this particular data breach the data set contained passwords. Every year, the detected number of breaches increases, and whilst GDPR regulations are partly responsible for this increase, as businesses are now required by law to report data breaches, the sheer quantity of personal data that is now available online is also a major factor.
Criminals and hackers will keep improving their techniques and developing new ways to defraud individuals and businesses. For them, it is just a job or a business. It’s not personal so they have no remorse of guilt over what they do or what the repercussions are. And because they are attacking everybody, not just institutions or government bodies, it is the responsibility or everybody to do as much as possible to prevent them succeeding.
To help in this fight Labyrinth Technology has a number of security tools and services that we supply to businesses all over London to help them with their IT security needs. Whether it is cybersecurity awareness tools, consultation on cybersecurity or the implementation of security plans, as a Managed Security Service Provider in London, Labyrinth Technology has the tools to help you protect you, your colleagues, and your business.
Call us now on 020 3790 7500 or contact us to find out more.