PeopleConnect data leak exposed the data of 20m TruthFinder and Instant Checkmate customers

PeopleConnect, the parent company of background-checking services TruthFinder and Instant Checkmate, suffered a significant data breach that compromised the sensitive personal information of millions of its users.

On January 21, a threat actor leaked a database on the Breached hacking forum. The database, according to the threat actor, contained information about as many as 20.22 million TruthFinder and Instant Checkmate customers. 

 

According to Bleeping Computer, the threat actor claimed that the leaked information belonged to users who used TruthFinder and Instant Checkmate services till April 16, 2019.

The 2.9GB CSV file contained sensitive personal data of users including their names, email addresses, phone numbers, hashed passwords, password reset tokens, and more. The threat actor segregated the data and claimed that 11,945,733 Instant CheckMate, 8,270,551 TruthFinder, 4,625 TruthFinder International, and 98 other users were affected by the security incident.

After the data exposure came to light, PeopleConnect confirmed via notifications on both TruthFinder and Instant Checkmate platforms that it suffered a data breach and that the database found on the dark web belonged to them.

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company,” the company said.

PeopleConnect said that as soon as it identified the security incident, it launched an internal investigation with assistance from third-party forensic and threat intelligence experts to understand the nature and scope of the incident. While the company said that its initial investigation did not uncover any evidence of malicious activity on its network, it is yet to reveal how the threat actors gained access to the company database.

“The published list in question does not evidence user activity, such as queries or reports on our system, and does not appear to involve leakage of payment information, readable or usable passwords, or other means to compromise user accounts. Nevertheless, as a best practice, we would recommend that you not respond to suspicious communications.

“We will never ask you for your password, social security number, or payment information via email or telephone. TruthFinder appreciates the seriousness of any unwanted leak or theft of customer data. We remain committed to looking out for our subscribers’ interests in this, and all matters, involving the security of their personal information,” the company said.