There are a lot of reasons to worry about what happens with your personal information online. Even if no one ever breaks into your bank account or takes over your Facebook, that doesn't mean they aren't collecting your information and stitching together a profile that includes everything from your name and email address, to your phone number and social media profiles.
The latest breach of personal information was discovered in October by a security researcher named Vinny Troia. He found almost four terabytes of data--about 1.2 billion records--simply sitting in an unsecured Google Cloud server, Wired reported on Friday.
Troia describes the data as a collection of profiles that include home and mobile phone numbers, email addresses, work histories based on LinkedIn profiles, and other social media profiles like Twitter and Facebook.
"This is the first time I've seen all these social media profiles collected and merged with user profile information into a single database on this scale," Troia told Wired.
The database doesn't appear to include any Social Security numbers or account passwords, but that doesn't mean it isn't dangerous. In an era where cyber-thieves have grown increasingly adept at impersonating others in an attempt to gain control of user accounts, this information is a gold mine.
Some companies simply scrape together publicly available information and store it in databases for marketers or other interested parties. For example, at least some of the information Troia found--including 600 million email addresses--appears to have come from a company called People Data Labs (PDL), which provides it to a variety of customers.
This information is usually used to create profiles of consumers like you and me. For instance, when we enter an email address to get a discount code from an online retailer, the retailer can match that email address to other information like social media profiles, job title, and even income.
That's creepy, to be sure, but technically legal. The problem is when all that information ends up in the wrong hands.
PDL told Wired that it doesn't believe it was hacked, since it would be easier to simply obtain the information through legitimate means. But the existence of the information itself is concerning. While it's not clear exactly who owned the database, what they planned to do with it, or where it came from originally, the reality is that these companies have plenty of your personal data stored. Most people would likely be shocked to find out exactly how much information is collected, and how much these companies know about them.
Troia says he has notified the FBI and the database was taken offline. He also uploaded the information to www.haveibeenpwned.com, which allows users to identify whether or not their personal data has been included in a data breach. If, for example, your email address was included, that doesn't mean your account has been compromised, but it's probably a good idea to at least change your password (I just did).