PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.
TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.
In 2020, PubRec, LLC (owners of TruthFinder and Instant Checkmate) merged with PeopleConnect Holdings, Inc. (the owners of Classmates and Intellius), creating a massive portfolio of services specialized in finding information about people.
Stolen data leaked on a hacking forum
On January 21st, a member of the Breached hacking and data breach forum leaked the data for allegedly 20.22 million TruthFinder and Instant Checkmate customers who used the services up to April 16th, 2019.
The stolen data was shared as two 2.9 GB CSV files containing only customer information before the backup was created on April 16th, 2019.
The threat actor claimed that the data consisted of the following:
| File User Count +----------------------------------------- | InstantCheckMate............: 11,945,733 | TruthFinder.................: 8,270,551 | TruthFinderInternational....: 4,625 | Others......................: 98
The exposed TruthFinder and Instant Checkmate customer information includes email addresses, hashed passwords, first and last names, and phone numbers.
Pompompurin, the owner of the Breached forum, told BleepingComputer that the data was stolen from an exposed database backup found by a forum member.
Data breach confirmed
After BleepingComputer and Troy Hunt of Have I Been Pwned contacted PeopleConnect about the data leak earlier this week, the company immediately launched an investigation and was transparent about its intentions to disclose the incident.
“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers was being discussed and made available in an online forum,” reads the data security incident notices.
“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”
While PeopleConnect is still investigating the incident, the company says it appears to be an “inadvertent leak or theft of a particular list.”
The company has engaged with a third-party cybersecurity firm to investigate the incident and found no evidence of their network being breached.
PeopleConnect warns to be on the lookout for targeted phishing attacks and that they will provide further updates as more information becomes available.