BreachExchange mailing list archives
Mysterious data breach called 'db8151dd' exposed email, physical address and job titles of 22 MILLION people - but no one knows exactly where the records came from
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 18 May 2020 09:23:00 -0500
https://www.dailymail.co.uk/sciencetech/article-8324759/Mysterious-data-breach-called-db8151dd-exposed-email-physical-address-job-titles-22M-people.html

The personal data of tens of millions of people has been exposed in a data breach without a discernible source, according to an Australian security expert.

Researcher Troy Hunt says the breach, dubbed 'db8151dd' - which was disclosed to him in February - exposed the private information of more than 22 million people whose data was stored on a publicly accessible server.

Among the information, Hunt details in a new blog post, are email addresses, phone numbers, physical addresses, full names, job titles and social media profiles.

Despite the discovery of the data set, neither Hunt nor the security service, Dehashed, which came to Hunt with the data, has been able to determine exactly who owned the server and what sources the information was harvested from.

Though much of the data contained in the database could have been scraped from sources like Facebook or LinkedIn, Hunt said his research ruled out that banal origin given some of the contents - for example, Hunt's own phone number - and the fact that information was seemingly associated by owners' recent contacts.

'...my record was immediately next to someone else I've interacted with in the past as though the data source understood the association,' Hunt wrote in a post.

'I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks.'
Given that peer association, Hunt hypothesized that it's possible that the data was aggregated by a Customer Relationship Management system, but added that the source was still just a guess.

'But nowhere - absolutely nowhere - was there any indication of where the data had originated from,' Hunt wrote.

Despite failing to uncover the sources of the breach, Hunt entered the information into the HaveIBeenPwned database, a resource that allows people to search whether their email addresses have been linked to a hack or similar compromise.

As far as safeguarding against breaches like this goes, Hunt writes that he's also at a loss:

'There's nothing you nor I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge. And, perhaps most alarmingly, this is far from the last time I'll be writing a blog post like this,' he wrote in a post.