After BleepingComputer and Troy Hunt of Have I Been Pwned contacted PeopleConnect about the data leak earlier this week, the company immediately launched an investigation and was transparent about its intentions to disclose the incident.
Today, PeopleConnect published notices on both
Instant Checkmate and
TruthFinder confirming that both services suffered a data breach.
"We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers was being discussed and made available in an online forum," reads the data security incident notices.
"We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list originated inside our company."
While PeopleConnect is still investigating the incident, the company says it appears to be an "inadvertent leak or theft of a particular list."
The company has engaged with a third-party cybersecurity firm to investigate the incident and found no evidence of their network being breached.
PeopleConnect warns to be on the lookout for targeted phishing attacks and that they will provide further updates as more information becomes available.
Hunt will be adding the leaked data to
Have I Been Pwned today, and users will be able to use the service to confirm if their account information was exposed.
