Läsarkommentarer

Mysterious breach exposed email, physical address, job titles of 22M

443 4006 Roma Bracewell (2020-10-10)


The personal data on tens of millions of people was been exposed in a data breach without a discernible source, according to an Australian security expert.

Researcher Troy Hunt says the breach, dubbed 'db8151dd' - which was disclosed to him in February - exposed the private information of more than 22 million people whose data was stored on a publicly accessible server.

Among the information, Hunt details in a new blog post, are email addresses, phone numbers, physical addresses, full names, job titles and social media profiles.






Researcher and security expert Troy Hunt says that the database still doesn't have a determinable owner despite multiple months of research (stock)


Despite the discovery of the data set, neither Hunt nor the security service, Dehashed, which came to Hunt with the data, wbc247 have been able to determine exactly who owned the server and what sources information was harvested from.

Though much of the data contained in the database could have been scraped from sources like Facebook or LinkedIn, Hunt said his research ruled out that banal origin given some of the contents - for example, Hunt's own phone number - and the fact that information was seemingly associated by owners' recent contacts.

'...my record was immediately next to someone else I've interacted with in the past as though the data source understood the association,' Hunt wrote in a post.

'I found that highly unusual as it wasn't someone I'd expect to see a strong association with and I couldn't see any other similar folks.'






RELATED ARTICLES


Previous

1

Next




Facebook buys major GIF-making site Giphy for $400 MILLION... Melting glacier in Alaska could trigger a catastrophic... MIT researchers develop wireless system that measures use... Why 'The Scream' is FADING: Radiation analysis shows...




Share this article

Share

52 shares



Given that peer association Hunt hypothesized that it's possible that the data was aggregated by a Customer Relationship Management system, but added that the source was still just a guess. 

'But nowhere - absolutely nowhere - was there any indication of where the data had originated from,' Hunt wrote.









Despite failing to uncover the sources of the breach, Hunt entered the information into the HaveIBeenPwned database, a resource that allows people to search whether their email addresses have been linked to a hack or similar compromise. 

As far as safeguarding against breaches like this goes, Hunt writes that he's also at a loss: 

'There's nothing you nor I can do about it beyond being more conscious than ever about just how far our personal information spreads without our consent and indeed, without our knowledge. And, perhaps most alarmingly, this is far from the last time I'll be writing a blog post like this,' he wrote in a post.



Read more:

Troy Hunt: The Unattributable "db8151dd" Data Breach

© Socialmedicinsk tidskrift. All rights reserved!