Two of the largest online background check services have suffered recently from data breaches that have seen the sensitive data of millions of their users leaked online.
The news of the attack on TruthFinder and Instant Checkmate was confirmed by PeopleConnect, the company that owns both affected organizations.
Background checkers are services that allow people to do due diligence on other people. Whether they want to hire someone or for any other reason, people can use these services that aggregate publicly available data that would otherwise take a long time to collect: federal, state or court records, criminal records, media data etc.
Encrypted passwords were taken
They have to buy a subscription to use the services, and now the hackers have obtained data belonging to those subscribers. In late January, someone posted a thread on the hacking forum Breached claiming to have obtained sensitive data from 20.22 million customers of the aforementioned companies who used them until April 16, 2019.
Of these, nearly 12 million are Instant Checkmate users and 8.2 million are TruthFinder users. About 4.6 thousand of the remaining accounts belong to other service providers.
In the incident, the attackers stole identity details (opens in a new tab): people’s email addresses, encrypted passwords, names and phone numbers.
Shortly after the post was published, PeopleConnect confirmed the breach.
“Recently, we became aware that a list of TruthFinder subscribers, including in some cases name, email address, phone number, as well as securely encrypted passwords and expired and inactive password reset tokens, was discussed and shared on an online forum,” the company said. .
“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list comes from our company.
PeopleConnect said it would know more once the investigation is complete, but initial reports indicate it was either “an inadvertent leak or the theft of a specific list.”
By: Beeping Computer (opens in a new tab)