PeopleDataLabs Breach

In October 2019, security researchers uncovered an unsecured Elasticsearch server containing approximately 1.2 billion records of personal data. The data, spanning 4 terabytes, included names, email addresses, phone numbers, job titles, employers, geographic locations, and social media profiles from platforms like LinkedIn, Facebook, and GitHub. This extensive dataset was traced to a server hosted on Google Cloud Services, but it was not owned by People Data Labs (PDL), a San Francisco-based data broker. Instead, it was linked to a PDL customer who had failed to secure their database properly.

The exposed information posed significant risks, including potential identity theft, phishing, and social engineering attacks. Despite the scale of the breach, PDL denied ownership of the server, stating that once data is provided to customers, its security becomes their responsibility. The company emphasized that it performs security audits and consultations for its clients but cannot enforce best practices.