A third party has scraped contents of TLO, a massive database of personal information used by private investigators and law enforcement, and then posted the information elsewhere on the internet, including peoples’ physical addresses, phone numbers, email addresses, and the contact details of their relatives.
The finding shows the risk of databases like TLO that contain hundreds of millions of sensitive data points. Once someone has access to TLO, they may copy that information, distribute it, and otherwise use it however they see fit. In this case, the data was scraped and then posted online where it could theoretically be discovered by others. In this case, access to the scrape was password protected, but the password was easily discoverable.
Jelle Ursem, an independent security researcher, first alerted Motherboard to the scraped TLO data. The website appears to be connected to a real estate firm. The company did not respond to a request for comment.