Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked


Popular background check and verification services Instant Checkmate and TruthFinder have suffered a data breach, which has been confirmed by their parent company, PeopleConnect.

TruthFinder and Instant Checkmate are two prominent, subscription-based background check services owned by PeopleConnect. The service recently became a victim of a data breach, and as seen by Hackread.com, hackers have leaked the data of millions of its users.

Instant Checkmate and TruthFinder data leak – Screenshot: Hackread.com

What is TruthFinder?

TruthFinder is an online service that enables users to search for information about people, businesses, and even phone numbers. It provides access to public records and other data sources to provide accurate and up-to-date results. TruthFinder can be used for a variety of purposes, including background checks, address searches, reverse phone number lookups, court records searches, and more.

What is Instant Checkmate?

Instant Checkmate is an online tool that provides users with access to public records. This website collects detailed information from many sources, such as criminal records, address histories, marriage and divorces, bankruptcies, and more.

Data Breach Details

On January 21, 2023, unidentified hackers leaked a 2019 backup database belonging to TruthFinder and Instant Checkmate on Breach Forums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.

These leaked records were stored before the backup was created on April 16th, 2019, and were shared as two 2.9 GB CSV files. Upon extraction, the entire dataset turned out to be a whopping 7 GB, including the following information:

  • Full Names
  • Phone Numbers
  • Email Addresses
  • Passwords Hashes
  • Password Reset Tokens and more.

The following screenshot shows leaked files and the information that has been leaked in the Instant Checkmate and TruthFinder data breach.

Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked
Screenshot: Hackread.com

PeopleConnect Confirms Breach:

PeopleConnect has confirmed the incident and assured that an investigation has been launched.The company has published notices on both impacted websites (1) (2), confirming the data breach. The statement read:

“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers, was being discussed and made available in an online forum.”

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”

What Could Have Happened?

The investigation is still underway, and PeopleConnect has collaborated with a third-party cybersecurity firm to find more details regarding the incident. However, the company has ascertained that the incident was an accidental leak or that hackers stole a particular list; however, there is no evidence of a network breach.

  1. Experian Vulnerability Exposed Credit Reports
  2. 24M Customers Affected after Experian Data Breach
  3. Hacker dumps household records of 250M Americans
  4. Sensitive Data of 123M American Households Exposed​
  5. What is Identity Verification Service, How Does it Work?



Source link