Impact & Downstream Threats
This breach carries high risk due to the nature of exposed data fields and the scale of affected records.
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
- Employment-based social engineering using job and employer data
- Social media account targeting and impersonation
Breach Intelligence
Executive Summary
In October 2019, security researchers Vinny Troia and Bob Diachenko identified an unprotected Elasticsearch server holding 1.2 billion records of personal data. The exposed data included an index indicating it was sourced from data enrichment company People Data Labs (PDL) and contained 622 million unique email addresses. The server was not owned by PDL and it's believed a customer failed to properly secure the database. Exposed information included email addresses, phone numbers, social media profiles and job history data. // What happened in the PeopleDataLabs Breach? November 30th 2024, 7:00 pm EST, In October 2019, security researchers uncovered an unsecured Elasticsearch server containing approximately 1.2 billion records of personal data. The data, spanning 4 terabytes, included names, email addresses, phone numbers, job titles, employers, geographic locations, and social media profiles from platforms like LinkedIn, Facebook, and GitHub. This extensive dataset was traced to a server hosted on Google Cloud Services, but it was not owned by People Data Labs (PDL), a San Francisco-based data broker. Instead, it was linked to a PDL customer who had failed to secure their database properly. The exposed information posed significant risks, including potential identity theft, phishing, and social engineering attacks. Despite the scale of the breach, PDL denied ownership of the server, stating that once data is provided to customers, its security becomes their responsibility. The company emphasized that it performs security audits and consultations for its clients but cannot enforce best practices.
About People Data Labs; PeopleDataLabs
Data provider focused on people and workforce intelligence.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 622.2M records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In October 2019, People Data Labs; PeopleDataLabs experienced a data breach that exposed approximately 622.2M records containing personal information.
The exposed data includes fields such as email address, employer, full name, geographic locations, job information:job title.
Approximately 622.2M records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of People Data Labs; PeopleDataLabs
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam