The most massive data leak that’s ever happened includes neatly bundled information for more than 1 billion people. Keep in mind that the estimated population of the United States is only 330 million. If you use email, you are probably exposed.
The leak exposed a tremendous amount of information about you, your personal and work history, your interests and hobbies, current and past contact information, and more all gathered and stored in one package. If someone knows your email address, they could immediately know your birthdate if you ever entered that date into a social media profile.
The data might also include your religion, financial information, members of your family, buying preferences, and more. It is alarming that your information is now more readily available than ever. Even more disturbing is that interested parties can access your data all in one place. Do you read the privacy policies when you install applications or sign up for services? You often agree that they can share some or all of your information with third parties. Those third parties may be data aggregation companies, called enrichment companies. This leak’s source was an Elasticsearch server. It contained data from two data enrichment servers called People Data Labs and OxyData.
What should you do? Now, more than ever, watch for fraudulent messages that seem very legitimate. Consider an example if your data set includes your phone provider. Social engineers might pretend to be your phone provider. They will demonstrate that they know real towns where you’ve lived. They’ll add legitimacy by including your accurate birthdate, one of your hobbies, and potentially your credit history. On the flip side, people that have your information can impersonate you to organizations. They might reset a password or change your listed email address so they can access your protected accounts. They might be more successful at tricking your relatives and friends into clicking a link because they’ll recognize personal details.
Use different passwords at different websites. Enable two-step verification as suggested and described in prior newsletters. Warn your friends that they must be more vigilant than ever for frauds and scams, even when the contact seems to know all about them.