Popular background check and verification services Instant Checkmate and TruthFinder have suffered a data breach, which has been confirmed by their parent company, PeopleConnect.
TruthFinder and Instant Checkmate are two prominent, subscription-based background check services owned by PeopleConnect. The service recently became a victim of a data breach, and as seen by Hackread.com, hackers have leaked the data of millions of its users.
What is TruthFinder?
TruthFinder is an online service that enables users to search for information about people, businesses, and even phone numbers. It provides access to public records and other data sources to provide accurate and up-to-date results. TruthFinder can be used for a variety of purposes, including background checks, address searches, reverse phone number lookups, court records searches, and more.
What is Instant Checkmate?
Instant Checkmate is an online tool that provides users with access to public records. This website collects detailed information from many sources, such as criminal records, address histories, marriage and divorces, bankruptcies, and more.
Data Breach Details
On January 21, 2023, unidentified hackers leaked a 2019 backup database belonging to TruthFinder and Instant Checkmate on Breach Forums, a hacker and cybercrime forum that surfaced as an alternative to the popular and now-seized Raidforums.
These leaked records were stored before the backup was created on April 16th, 2019, and were shared as two 2.9 GB CSV files. Upon extraction, the entire dataset turned out to be a whopping 7 GB, including the following information:
- Full Names
- Phone Numbers
- Email Addresses
- Passwords Hashes
- Password Reset Tokens and more.
The following screenshot shows leaked files and the information that has been leaked in the Instant Checkmate and TruthFinder data breach.
PeopleConnect Confirms Breach:
PeopleConnect has confirmed the incident and assured that an investigation has been launched. The company has published notices on both impacted websites (1) (2), confirming the data breach. The statement read:
“We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers, was being discussed and made available in an online forum.”
“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company.”
What Could Have Happened?
The investigation is still underway, and PeopleConnect has collaborated with a third-party cybersecurity firm to find more details regarding the incident. However, the company has ascertained that the incident was an accidental leak or that hackers stole a particular list; however, there is no evidence of a network breach.