The mere headline of this story should be more than enough to send shivers down our spine. As if the word sensitive was not enough to raise eyebrows, the situation gets far worse when we absorb the quantum of this vulnerability. Let’s first contemplate the scale of this problem.

A cybercrime hunter claims to have stumbled upon an unprotected cloud server during a routine scan of the cyber space for any possible clues. The discovered server was housing a database of nearly 1.2 billion individuals. This amounts to nearly an eight of the current world population.

If we exclude the people who are not using the internet or social media platforms, the ratio further aggravates and may even account for nearly a sixth of the total world population. The data is of both personal and sensitive nature as it comprises of social media accounts, email addresses and phone numbers.

Although phone numbers are by no means any less alarming, still the other two components of the database namely social media accounts and email addresses are a serious cause for concern. The way we interact with technology these days, a sizable chunk of our personal lives resides over our social media accounts and emails.

The data is both of a highly personal and sensitive nature. A company called People Data Labs was responsible for collecting the data. It is a data collection entity that collects and manages social media accounts and work emails. Its end goal of collecting this data is selling it to marketing agencies as potential leads.

An important aspect of this discovery is that although the data was collected by People Data Labs, the exposed server did not belong to the company. Interestingly, it was one of Google’s Cloud Based Servers that housed the database. Google is yet to officially comment over this matter, if at all.

The data collection company People Data Labs is not owning the entire database but admits that a part of the whole database was in fact collected by it. People Data Labs is diverting the responsibility of the exposed server to some other anonymous entity that also manages and sells such data.

The true extent of the misuse of this data is also unknown as yet because this is a developing story. Regardless of who is responsible for this criminal negligence, the sheer scale of data strongly warrants an in depth investigation. The key countries to which this data allegedly relates are USA, UK and Canada.

Even otherwise, these countries have quite strong laws and regulations about how data will be collected, stored and managed, especially if it is of a sensitive nature. The issue goes much beyond finding the perpetrator and meting out a certain penalty or punishment.

A holistic review is required about how sensitive and personal data of millions of people is collected, stored, managed and then sold to no one knows how many entities. Unless we devise and strongly implement a strong mechanism for these activities, such events will keep gracing the headlines of tech industry.

Official News Source: Bloomberg