Top background check services hit by data breach

Identity data on millions of users stolen

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Two of the biggest onlinebackground check serviceshave suffered recent data breaches that saw sensitive data on millions of their users leaked online.

News of the attack on TruthFinder and Instant Checkmate was confirmed by PeopleConnect, the company that owns both affected organizations.

Background checkers are services that allow people to do their due diligence on other people. Whether when looking to employ someone, or for any other reason, people can use these services which aggregate publicly available data which would otherwise take quite some time to gather: federal, state, or court records, criminal records, social media data, etc.

Hashed passwords taken

To use the services, they need to subscribe, and now hackers obtained the data belonging to these subscribers. In late January someone posted a thread on the Breached hacking forum, claiming to have obtained sensitive data on 20.22 million customers of the abovementioned firms, who used it by April 16, 2019.

Of that, almost 12 million were Instant Checkmate users, and 8.2 million were TruthFinder. Around 4.6K remaining accounts belong to other service providers.

In the incident, the attackers stoleidentity data: people’s email addresses, hashed passwords, full names, and phone numbers.

Soon after the post, PeopleConnect confirmed the breach.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Data breaches could be even more expensive in 2023>PayPal confirms data breach, sends warning emails to users>These are the best endpoint protection services right now

“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers was being discussed and made available in an online forum,” the company said.

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”

PeopleConnect said it will know more once it concludes its investigation, but first reports indicate that this was either an “inadvertent leak or theft of a particular list.”

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set