Monday, December 9, 2024
HomeCyber Security News600,000+ Sensitive Records Exposed From Background Checks Service Provider

600,000+ Sensitive Records Exposed From Background Checks Service Provider

Published on

SIEM as a Service

A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse.

Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal information.

The data, mostly labeled as “background checks,” included a wide range of personally identifiable information (PII) such as full names, home addresses, phone numbers, email addresses, employment details, family connections, social media accounts, and criminal history.

- Advertisement - SIEM as a Service
This screenshot shows how the background check documents appeared in any web browser. The database contained and exposed the PII of thousands of individuals.
This screenshot shows how the background check documents appeared in any web browser. The database contained and exposed the PII of thousands of individuals.

This alarming exposure traces back to SL Data Services, LLC, which appears to operate a network of approximately 16 websites providing various information services.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

Among these, Propertyrec stands out, a site known for property and real estate research data.

The breach not only suggests a lack of robust security measures but also raises serious privacy concerns, as the leaked information could potentially be exploited for targeted phishing attempts, social engineering attacks, or even identity theft.

The discovery was made by an independent security researcher who promptly sent a responsible disclosure notice.

Despite this, it took over a week for public access to the database to be restricted, during which time the number of documents grew from 513,876 to 664,934.

SL Data Services and Propertyrec did not respond to the disclosure notification or to subsequent inquiries before publication, leaving it unclear whether the database was managed by them directly or by a third-party contractor.

Sensitive Records Exposed

According to USA Today, Propertyrec is known for providing access to millions of public and private property records across the United States.

However, customer support confirmed that the company’s offerings extend to criminal checks, DMV records, and even death and birth records, as per a report by Website Planet.

Adding to the controversy, customer reviews suggest that users are often enrolled in a subscription service inadvertently, facing recurring charges instead of a one-off payment.

The exposed background checks likely occurred without the knowledge or consent of the individuals involved, amplifying the potential for abuse.

While court records and sex offender statuses are public in the U.S., the aggregation of this data with other sensitive information could allow malicious actors to construct comprehensive profiles for nefarious purposes.

This breach echoes the August 2024 National Public Data incident, where similar vulnerabilities led to hackers advertising stolen personal information on the dark web.

Given the persistent risk of significant breaches, experts urge companies to adopt more stringent data protection measures, such as using encrypted, randomized file identifiers rather than names or PII.

The ethical researcher behind the discovery emphasized that their actions were solely aimed at highlighting vulnerabilities and prompting corrective measures.

They eschewed any unauthorized activities, underscoring the importance of security awareness and the need for independent assessments to safeguard private data.

The incident serves as a stark reminder of the critical importance of cybersecurity, urging all organizations handling sensitive information to bolster their defenses and prevent future breaches.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and...

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin...

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its...

Qlik Sense for Windows Vulnerability Allows Remote Code Execution

Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and...

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin...

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its...