In possibly the second-largest data exposure of all time, account records for 1.2 billion people were found unprotected online.

Wired reported today that the data on an open Elasticsearch server included various databases with a trove of data. Some of the data included IP addresses as well other various personally identifiable data such as names, email addresses, phone numbers, LinkedIn and Facebook profile information.

It reportedly didn’t include critical information such as passwords, credit card numbers or Social Security numbers. Within a few hours, the server apparently was taken offline. The U.S. Federal Bureau of Investigation is said to be investigating.

The exposed databases were discovered by Bob Diachenko and Vinny Troia, but there is the possibility that it may be multiple exposures combined for a nearly unprecedented leak.

Troia, founder of the threat intelligence platform Data Viper, wrote today in a blog post that based on their analysis of the data, they believe the data originated from People Data Labs, a data aggregator and enrichment company. However, he said that “after notifying PDL, we were informed that the server in question does not belong to them. This is consistent with our research as the server in question resided on Google Cloud.”

He added that the data could have come from a customer of People Data Labs or another data enrichment service. The bottom line is that it’s not yet clear who exposed the data.

Regardless, Dvir Babila, head of product management at cybersecurity company Cycognito Inc., told SiliconANGLE, “This is a massive breach and a major open question is who owned the server behind the breach. Determining the ownership of IT assets that exist in the shadows like this requires a lot of fingerprints, and you have to associate those fingerprints with other IT assets exposed on the internet to build a complete picture.”

Babila added that doing that manually with so much raw threat intelligence data is very challenging. “Applying mathematical techniques, such as a graph data model, works well. With more of every organization’s IT assets living in cloud environments than ever, a new level of automation has to be applied to threat intelligence both for assessing risk and for dealing with post-incident forensics,” he said.

A 1.2 billion-person hack is nearly unprecedented, said Jason Kent, hacker in residence at Cequence Security Inc. “That this sort of data, let alone the size of the database, is available is pretty frightening,” he said. “Until now the database information has been contextual, such as financial data from a financial database breach for instance. Here we see a new and potentially dangerous correlation of data like never before.”

Tim Erlin, vice president of product management and strategy at Tripwire, noted that in a connected world, it’s the connections that matter most. “Personal data that isn’t exactly secret, and might even be public, takes on new meaning when collected and connected,” he said. “Repositories like these are concerning, not only because of the data they contain, but because as an industry we don’t really have a way to measure the impact of this type of exposure.”

Image: MaxPixel