Mystery Data Breach Dubbed ‘db8151dd’ Exposes Records of 22 Million People

Screenshot of records found in mystery data dump.

A massive data breach dubbed db8151dd has exposed the records of 22M people – including addresses, phone numbers, and social media links. But the source of the data is a mystery …

I got an email alert this morning from the haveibeenpwned.com site telling me that my details were included. The exposed data appears extensive.

Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles

However, Troy Hunt, who runs the site, said that nobody has been able to identify where the information came from.

I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know:

Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total […]

The global unique identifier beginning with “db8151dd” features heavily on these first lines hence the name I’ve given the breach. I’ve had to give it this name because frankly, I’ve absolutely no idea where it came from, nor does anyone else I’ve worked on with this […]

It’s mostly scrapable data from public sources, albeit with some key differences. Firstly, my phone number is not usually exposed and that was in there in full. Yes, there are many places that (obviously) have it, but this isn’t a scrape from, say, a public LinkedIn page. Next, my record was immediately next to someone else I’ve interacted with in the past as though the data source understood the association. I found that highly unusual as it wasn’t someone I’d expect to see a strong association with and I couldn’t see any other similar folks. But it’s the next class of data in there which makes this particularly interesting.

That ‘interesting’ data appears to come from customer relationship management (CRM) systems, including things like:

Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007.

The best guess is that it is data aggregated from a number of sources. But as neither Hunt nor other information security professionals have been able to identify any of those sources, despite attempts lasting almost three months, the details of the privacy breach may remain a mystery.


* This article was syndicated and expanded from 9 to 5 Mac.

