‘Mystery’ data breach dubbed db8151dd exposes records of 22M people
by Ecopirate - May 16, 2020 at 12:42 AM
#1
‘Mystery’ data breach dubbed db8151dd exposes records of 22M people
- May. 15th 2020 5:08 am PT

A massive data breach dubbed db8151dd has exposed the records of 22M people 
– including addresses, phone numbers, and social media links. But the source of the data is a mystery …

I got an email alert this morning from the haveibeenpwned.com site telling me that my details were included.
The exposed data appears extensive.
Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles

However, Troy Hunt, who runs the site, said that nobody has been able to identify where the information came from.

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. 
It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know:

Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total […]

The global unique identifier beginning with “db8151dd” features heavily on these first lines hence the name I’ve given the breach.
I’ve had to give it this name because frankly, I’ve absolutely no idea where it came from, nor does anyone else I’ve worked on with this […]

It’s mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full.
Yes, there are many places that (obviously) have it, but this isn’t a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else
I’ve interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn’t someone I’d expect to see a strong
association with and I couldn’t see any other similar folks. But it’s the next class of data in there which makes this particularly interesting.

That ‘interesting’ data appears to come from customer relationship management (CRM) systems, including things like:

Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address],
Vancouver, on 02 October 2007.

Best guess is it’s some kind of aggregated data from a number of sources, but as neither Hunt nor other information security professionals have been able to identify
any of them despite attempts lasting almost three months, it appears the details of the privacy breach may remain a mystery.

Screenshot of the data here:
https://9to5mac.com/2020/05/15/db8151dd/
#2
It's somewhere in this forum. And there has been a possible id in hacker news already. More news at 8.
#3
(May 16, 2020 at 12:43 AM)thelittletux Wrote: It's somewhere in this forum. And there has been a possible id in hacker news already. More news  at 8.

Which link, sir?... thank you sir
#4
Does anyone has a link to that??
#5
Soon the data will become public, just in matter of time.
#6
It's an interesting one, curious where it's come from.
#7
It could be very interesting this data...we have to wait....
#8
anyone know if this has become public yet?
#9
Soon the data will become public
#10
This looks interesting, wonder when it will turn up here.
#11
It was Covve, an address book service
https://covve.com/opinion/security-incident/
#12
Thanks trashwang for that information.

Possibly Related Threads…
Thread Author Replies Views Last Post
47.5 million indian Truecaller records for $1000 crockett 17 661 June 16, 2020 at 09:32 PM
Last Post: nugget3000
Hacker shares 40 million Wishbone user records for free Ecopirate 14 931 June 13, 2020 at 09:18 PM
Last Post: Lord Empire
How to decode a data breach notice Ecopirate 9 1,232 June 01, 2020 at 08:52 AM
Last Post: BubbaGum

 Users browsing this thread: 1 Guest(s)