1.2 billion records exposed in unsecured database

The information includes names, job titles, email addresses, phone numbers and locations.

Corinne Reichert Senior Writer
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently oversees the CNET breaking news desk for the West Coast. Corinne covers everything from phones, social media and security to movies, politics, 5G and pop culture. In her spare time, she watches soccer games, F1 races and Disney movies.
Expertise News
Corinne Reichert

Names, addresses, phone numbers, job titles and locations were exposed.

James Martin/CNET

Security researchers found an unprotected server that exposed 1.2 billion records of personal data, including email addresses, employers, locations, job titles, names, phone numbers and social media profiles, according to a notification sent Friday to people affected by the exposure.

"In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server," according to the email. "The exposed data included an index indicating it was sourced from data enrichment company People Data Labs and contained 622 million unique email addresses."

PDL Notice
Screenshot by CNET

The data had been aggregated by PDL, but the email added that PDL didn't own the server. Rather, a customer likely "failed to properly secure the database."

The exposure was dated Oct. 16.

PDL didn't immediately respond to a request for comment. The company's LinkedIn profile said it has a "dataset of 1.5 billion unique person profiles to build products, enrich person profiles, power predictive modeling/AI, analysis, and more."

PDL is based in San Francisco and mentions working with companies including eBay and Adidas "as their engineering focused people data partner."