Big data breaches are happening much more frequently than ever before. The latest is the People Data Labs (PDLs) breach that occurred on October, 16 2019. Detected by security researchers, Vinny Troia and Bob Diachenko, the breached exposed 1.2 billion people and included information such as, email addresses, employers, geographic locations, job titles, names, telephone numbers and social media profiles.

While there is no DIRECT threat to your accounts, this breach is worth reviewing because it was taken from a ‘data enrichment’ company that takes data (via public and private-sharing agreements) from sites like Linkedin, Facebook, Twitter, Glassdoor, marketing and other services and aggregates/correlates the data together into a single database. What this will mean is that in the coming months there may be more attacks and/or more precise spear-phishing attacks against you or your company using this data to impersonate people of authority in your organization or contacts.

Are you concerned about what data may be out there with your personal or work email accounts?

Visit have i been pwned at https://haveibeenpwned.com/ enter your email addresses and find out if your credentials have been exposed in a data breach.

Smart Dolphins uses services including on the above site to monitor your company’s domains for breaches to help secure your data and accounts.

Why are you only hearing about this now?

Whilst the breach occurred in October, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly, as it is often tucked away to be directly used by hackers, then eventually sold on black markets before trickling out of the shadows where benevolent groups are able to get their hands on it. Then it is cleaned and secured prior to publishing it to protect both the victim organization and the affected clients.

What can I do to protect my accounts?

Use unique passwords and multi-factor authentication (MFA) on services wherever possible. Smart Dolphins recommends using a password manager, such as LastPass or 1Password to secure your accounts so that you can use complex passwords that you do not need to memorize and can test the passwords against a breach.

If you are concerned about the level of cybersecurity awareness at your organization, please contact us to discuss scheduling an educational seminar for your employees.

Read more at:

https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/

https://www.troyhunt.com/data-enrichment-people-data-labs-and-another-622m-email-addresses/