How Much Information Was at Risk in the PDL Data Leak?

Cyber Security

A shortened summary of the PDL Data Breach

Cybersecurity experts Bob Diachenko and Vinny Troia discovered back in October last year that 1.2 billion people’s personal data records were available for anyone to access on a Deep Access internet server. The data, proven to come from People Data Labs (PDL), included 622 million individual email addresses and over 50 million phone numbers.

The data contained in the breach

In addition to the email addresses and phone numbers, the data also contained usernames and social media accounts. Fortunately, there were no passwords or social security numbers included. However, the material found within the breach provides sufficient detail to facilitate identity fraud.

In this wired article, Troia said that it was the first time he had seen such a collection of media profiles merged with user profile data on one database to this scale. He went on to say that from a cyber criminal’s point of view, it gives them everything they need to hijack not only identities, but accounts too with associated URLs.

As this data can be accessed without payment, the purpose behind the leak is not apparent. There were not any links to an author. PDL maintain that the data wasn’t obtained via a breach. They theorise it may have been sold on or released by one of their clients.

Comparisons to the LinkedIn Breach of 2016

It is not the first time that leaks like this happened, nor will it be the last. They have been happening since the birth of the internet. Back in the year 2016, LinkedIn lost the credentials of 164 million of its account holders. This data included passwords, and it was also leaked to the Deep Web.

In 2019, the total number of data breaches was more than in 2018. The situation continues to worsen. The operator of “HaveIBeenPwned,” Troy Hunt, stated that an ever-growing amount of private data is being illegally distributed than ever before. It involves previous breaches as well as new.

It is because of a change in the law. Companies are now required to declare any leaks or breaches in accordance with EU GDPR Regulations. It is further exacerbated by the increase in the amount of available data and the developing skills of the hacker set.

How to the Deep Web and the Dark Web differ?

The Deep Web is a piece of cyberspace to which mainstream search engines cannot gain access. Leaked data can be found here.

The Dark Web is a part of the Deep Web and is as menacing as it sounds because this is where you’ll find illegal activity happening. Originally, it was created for the US Secret Service to enable them to access data without being traced. Unfortunately, that same untraceable quality made it a valuable asset for criminals.

Have you been affected by the PDL Data Breach?

If you would like to find out what information is accessible on the Dark Web, there are some scanning tools you can use to investigate. The website has a list of the top 10. In addition, here are some other measures you might like to consider.

  • Instigate a strict password culture throughout your company.
  • Educate your staff on matters of cybersecurity.
  • Create or review your existing cyber-security protocols.
  • Carry out a cyber-security audit and act on its findings.
  • Install appropriate tools, like Cisco Firewalls, to protect your IT set-up.
  • Take advantage of the Gov UK Cyber Essentials Scheme.

If you are concerned about your company’s exposure to the Dark Web and the danger from cyber threats, there are plenty of people around you can approach for technology assistance.


Computers in the City, your IT partner

Computers in the City is London’s longest-standing IT partner. With over 20 years’ experience, we can assist you to meet your IT support, consulting and cloud computing needs. We’re proud to be local, offering 24-hour support in straightforward language that takes the stress out of IT support.