SL Data Services, a data broker operating under multiple websites, including Propertyrec, has recently exposed over 600,000 sensitive files containing personal information. Discovered by cybersecurity researcher Jeremiah Fowler, the database was found to be unsecured and accessible without a password. This unencrypted 713GB database included 644,869 PDF documents, primarily consisting of background checks, court records, vehicle information, and property ownership details. These files contained highly sensitive data such as names, addresses, phone numbers, social media accounts, criminal histories, and employment information, offering a comprehensive profile of the affected individuals.
The exposed data poses significant risks to the affected individuals. Identity theft, phishing attacks, and impersonation are among the potential threats, as malicious actors could easily gather and exploit the personal data. The information provided by the data broker was often sold to customers for as little as $1 per search, though users frequently unknowingly enrolled in recurring subscriptions instead of one-time payments. This situation further complicates the privacy concerns surrounding the business practices of data brokers.
SL Data Services has not responded to the researcher’s disclosure, though they did restrict public access to the exposed database after Fowler reported the incident. Over the course of a week, from the initial discovery until the public access was shut down, the database grew significantly, indicating the rapid accumulation of sensitive data that was left unprotected for too long. The breach has raised alarm about the lack of oversight and regulation in the data broker industry, where vast amounts of personal data are collected, often without the consent of the individuals involved.
This incident adds to the growing number of data broker-related breaches, with a similar exposure occurring in August 2024, when National Public Data’s breach compromised billions of records. As the frequency of these incidents increases, the need for stronger regulations and better data protection practices becomes ever more critical. For now, the individuals affected by this exposure remain vulnerable to a range of cyber threats, while the broader implications of these data breaches continue to unfold.
Reference:
