The cybersecurity researcher
Vinny Troia has discovered on the Dark Web personal information leaked from
1200 million people in an unsecured online database that occupies 4 terabytes (TB), which although it has already been deleted was easily accessible.
This new collection
does not include passwords, credit card numbers or Social Security users. However, it contains phone numbers, social network profiles (Facebook, Twitter, LinkedIn and Github), 622 million emails, as well as resumes and professional data extracted from the professional social network LinkedIn,
according to Wired.
"It's the first time I see so many social media profiles collected and merged with personal information in a single database," Troia said. "From the perspective of an attacker, if the goal was to impersonate a person or hack their accounts, there are names, phone numbers and associated account URLs. It's a lot of information on the same site," he added.
As Wired explains, Troia was looking for data leaks on the Dark Web when he discovered the server, whose IP points to the Google Cloud service. Troia has explained that he does not know who grouped all the information on the server and if someone found the data before him and downloaded it. He also stressed that the server was easy to find and access.
In addition, Troia notified its discovery to the United States Federal Bureau of Investigation (FBI) in October and that a few hours later, someone removed the server and the leaked data.
773 million emails in January
Although the origin of the data leak continues to be unknown, three of the four parts into which the information was divided seem to come from the American company People Data Labs, which claims to have data of 1,500 million people, although it has denied having the server that uploaded the data to the Dark Web.
The new leak comes after a data leak was discovered in mid-January that revealed 773 million unique email accounts through a list called 'number one collection', published in hackers' forums.
At the end of the same month, a collection of 2200 million passwords and unique users appeared on the dark web, in what cybersecurity researchers called Collection 2-5. The filtering comes from 'hacks' already known to services such as Yahoo, LinkedIn and Dropbox and that had been circulating on the Internet for some time and was even downloaded thousands of times.
How to check if your data is affected
The easiest way to verify if this filtering (and previous ones) affect you, you can check the site
Have I Been Pawned, which allows you to check if an email address is among those affected, or if a password is among the stolen ones (they do not necessarily appear in the same database).
The recommendation, if it appears on that list, is to update the password to avoid possible unauthorized access, although its presence on that list does not necessarily indicate that the account is violated; This database contains the email addresses, but no passwords associated with them; still, it represents a danger to your privacy.
. They steal data from 1200 million people: how to know if it affects you – LA NACION