People Data Labs; PeopleDataLabs Data Breach
People Data Labs Data Broker Exposure (2019): 622 Million Professional Profiles Found in Unprotected Database
Data provider focused on people and workforce intelligence.
Risk Interpretation
High risk because the data is already normalized for targeting. Exposure can enable large-scale profiling, people-search abuse, spearphishing, executive targeting, and identity linkage across datasets.
Impact & Downstream Threats
The 2019 incident is best understood as a major downstream exposure tied to People Data Labs-sourced enrichment data, not a straightforward compromise of People Data Labs’ own production systems. Public reporting and breach trackers say the exposed Elasticsearch server was not owned by PDL and was likely operated by a customer, but the incident still put People Data Labs at the center of a very large exposure involving names, emails, phone numbers, job history, geographic data, and social profil
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Employment-based social engineering using job and employer data
- Social media account targeting and impersonation
Threat Vectors
Breach Intelligence
Executive Summary
People Data Labs, a San Francisco-based data broker specializing in professional profile enrichment, was at the center of one of the largest personal data exposures ever recorded. In October 2019, security researchers Vinny Troia and Bob Diachenko discovered an unprotected Elasticsearch server hosted on Google Cloud Services containing roughly 1.2 billion records across 4 terabytes. The exposed data included an index traced to PDL and contained 622 million unique email addresses. PDL denied owning the server, attributing the exposure to a customer who failed to secure their copy of the data. The records exposed included names, email addresses, phone numbers, job titles, employers, geographic locations, and social media profiles from platforms including LinkedIn, Facebook, and GitHub. Because this data had already been normalized and enriched for professional targeting, it was especially ready for misuse. Affected individuals faced elevated risks of spearphishing, identity linkage across datasets, people-search abuse, and highly personalized social engineering attacks. No major regulatory action or class action was publicly reported in connection with this incident. PDL maintained that securing customer-held data falls outside its responsibility once the data is transferred. For affected individuals, the practical risk remains: their professional and personal identity details may have been scraped, aggregated, or further exposed by third parties, with limited ability to know where that information has since traveled.
About People Data Labs; PeopleDataLabs
People Data Labs is a B2B data broker and API provider focused on people, company, and workforce intelligence. Its products are built for enrichment, identity resolution, recruiting, analytics, and modeling use cases, and the company markets large-scale person and company datasets as infrastructure for enterprise technical teams. �
Why They Hold Your Data
People and company data providers aggregate workforce, identity, employment, company, and contact records into structured APIs used for enrichment, sales, recruiting, and analytics.
Recent Developments
People Data Labs appears to still be operating as a growth-stage data infrastructure company. In 2025 it announced a $45 million Series B led by Craft Ventures and Flex Capital, and it continues to market large-scale people and company datasets, API access, compliance controls, and privacy-request tooling as core parts of the business. �
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, employer, full_name, geographic_locations, job_information:job_title, phone_number, social_media_profile
Dark Web Verification
- Dataset containing ~622.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Data Enrichment Exposure From PDL Customer Data Breach; p-d-l-2019
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of People Data Labs; PeopleDataLabs
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam