Friday, November 29, 2024
HomeCyber Security News600,000+ Sensitive Records Exposed From Background Checks Service Provider

600,000+ Sensitive Records Exposed From Background Checks Service Provider

Published on

A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse.

Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal information.

The data, mostly labeled as “background checks,” included a wide range of personally identifiable information (PII) such as full names, home addresses, phone numbers, email addresses, employment details, family connections, social media accounts, and criminal history.

- Advertisement - SIEM as a Service
This screenshot shows how the background check documents appeared in any web browser. The database contained and exposed the PII of thousands of individuals.
This screenshot shows how the background check documents appeared in any web browser. The database contained and exposed the PII of thousands of individuals.

This alarming exposure traces back to SL Data Services, LLC, which appears to operate a network of approximately 16 websites providing various information services.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

Among these, Propertyrec stands out, a site known for property and real estate research data.

The breach not only suggests a lack of robust security measures but also raises serious privacy concerns, as the leaked information could potentially be exploited for targeted phishing attempts, social engineering attacks, or even identity theft.

The discovery was made by an independent security researcher who promptly sent a responsible disclosure notice.

Despite this, it took over a week for public access to the database to be restricted, during which time the number of documents grew from 513,876 to 664,934.

SL Data Services and Propertyrec did not respond to the disclosure notification or to subsequent inquiries before publication, leaving it unclear whether the database was managed by them directly or by a third-party contractor.

Sensitive Records Exposed

According to USA Today, Propertyrec is known for providing access to millions of public and private property records across the United States.

However, customer support confirmed that the company’s offerings extend to criminal checks, DMV records, and even death and birth records, as per a report by Website Planet.

Adding to the controversy, customer reviews suggest that users are often enrolled in a subscription service inadvertently, facing recurring charges instead of a one-off payment.

The exposed background checks likely occurred without the knowledge or consent of the individuals involved, amplifying the potential for abuse.

While court records and sex offender statuses are public in the U.S., the aggregation of this data with other sensitive information could allow malicious actors to construct comprehensive profiles for nefarious purposes.

This breach echoes the August 2024 National Public Data incident, where similar vulnerabilities led to hackers advertising stolen personal information on the dark web.

Given the persistent risk of significant breaches, experts urge companies to adopt more stringent data protection measures, such as using encrypted, randomized file identifiers rather than names or PII.

The ethical researcher behind the discovery emphasized that their actions were solely aimed at highlighting vulnerabilities and prompting corrective measures.

They eschewed any unauthorized activities, underscoring the importance of security awareness and the need for independent assessments to safeguard private data.

The incident serves as a stark reminder of the critical importance of cybersecurity, urging all organizations handling sensitive information to bolster their defenses and prevent future breaches.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security...

New Phishing Attack Targeting Corporate Internet Banking Users

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users.This...

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack,...

Zyxel Firewall Vulnerability Actively Exploited in Attacks

Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security...

New Phishing Attack Targeting Corporate Internet Banking Users

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users.This...

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack,...