Profiles of 1.2 billion individuals were left exposed on a single server that contained everything from social media accounts to phone numbers and email addresses.
The data trove contained millions of social media profiles, nearly 50 million phone numbers and 622 million email addresses - making it one of the largest leaks from a single source in history.
The leak was discovered by a dark web researcher who said the server shared enough information that hackers could easily impersonate the victims online.
Vinny Troia made the discovery in October while looking for exposures with fellow security researcher Bob Diachenko on the web scanning services BinaryEdge and Shodan, as first reported on by Wired.
'This is the first time I've seen all these social media profiles collected and merged with user profile information into a single database on this scale,' Troia told Wired.
'From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs.'
Approximately 1.2 billion profiles containing everything from social media accounts to phone numbers and email address were left exposed on a single server. The data trove contained nearly 50 million phone numbers and 622 million email addresses, dubbing it 'one of the largest data leaks from a single source organization in history'
He and Diachenko stumbled upon four billion accounts, which belonged to the 1.2 billion individuals, spanning more than four terabytes of data, but were unable to locate the culprit behind the leak -the server could only be traced back to Google Cloud Services.
There was also no way to know if the data had been downloaded or found by anyone else prior to his discovery, Troia noted in a blog post.
'The lion's share of the data is marked as 'PDL', indicating that it originated from People Data Labs [PDL],' he wrote.
'However, as far as we can tell, the server that leaked the data is not associated with PDL.'
As soon as you open PDL's website, the page highlights that the firm has 'a dataset of resume, contact, social, and demographic information for over 1.5 Billion unique individuals.'
'With just a few lines of code, you can begin enriching anywhere from dozens to billions of records with over 150 data points.'
According to Wired, this massive dataset includes 'more than a billion personal email addresses, more than 420 million LinkedIn URLs, more than a billion Facebook URLs and IDs, and more than 400 million phone numbers, including more than 200 million valid US cellphone numbers.'
The data trove contained millions of social media profiles, from Facebook and LinkedIn, nearly 50 million phone numbers and 622 million email addresses -dubbing it 'one of the largest data leaks from a single source organization in history'
However the firm's cofounder, Sean