PeopleConnect Announces Data Breach to Background Check Websites It Owns
Table of Contents
- By Steven
- Feb 08, 2023
The web of connections for this data breach Is difficult to keep up with, but we’ll do our best to keep it as simple as possible. PeopleCOnnect owns TruthFinder and InstantCheckmate, but Intelius owns PeopleConnect, and H.I.G. Capitol owns Intelius. At this point, it’s a miracle that only PeopleConnect’s subsidiaries were affected. More than 20 million people were affected, but it could have been much worse.
How Did the Attack Occur?
PeopleConnect’s research showed that the data breach came from within the company’s systems. This means that an employee intentionally either sold the information to a hacker or had access to the deep net on their own. There was speculation that the leak was accidental, but it is impossible to stumble upon the dark web accidentally. Access to the black market is invitation-only; you can’t access the dark web – even if you know the I.P. address – without an existing user inviting you. Once you have an account/profile, you can access it anywhere. All you have to do is send yourself an invite.
What Information Was Viewed or Stolen?
The unauthorized party leaked the personal information of 20.22 million people from a 2019 backup database. The database included the names, emails, phone numbers, hashed passwords, and old password reset tokens of Instant Checkmate and TruthFinder subscribers. The only members affected were those that signed up for or used the service between 2011 and 2019. It has been said that every user at that time was involved in the breach, but it is still being investigated. However, none of the details of the site’s use (who was searched for, what the results were, etc.) were included.
How Did PeopleConnect Admit to the Breach?
PeopleConnect posted notices onto TruthFinder and Instant Checkmate. “We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019,” read the notes. “The published list originated inside our company.”
What Will Become of the Stolen Information?
The stolen information is already being sold. The details were posted to a dark web forum on January 21, 2023, and have been there since. The details include the following:
- Almost 12 million Instant Checkmate users
- 8.27 million TruthFinder users
- 4.6 thousand TruthFinder International users
- 98 others
The price of the information is not general knowledge, but it may be valuable to certain parties. The bad actor could gain quite a lot from selling the items, though not as much as if they had leaked details from a medical practice.
What Should Affected Parties Do in the Aftermath of the Breach?
After this breach, you should apply for credit, device, identity, and dark web monitoring. These can be incredibly useful in the long run. Luckily, the unauthorized party doesn’t seem to have accessed any payment information, though having troves of information like names, emails, and phone numbers is still dangerous. Be on the lookout for suspicious emails, phone calls, or text messages, as they could be attempted phishing scams. Always do your best to stay safe; we live in a dangerous world, but fear doesn’t have to overtake your life.