PeopleConnect, the owners of background check services TruthFinder and Instant Checkmate, have confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the information of millions of customers.

TruthFinder and Instant Checkmate are subscription-based services that allow customers to perform background checks on other people. When conducting background checks, the sites will use publicly retrieved data, federal, state and court records, criminal records, social media and other sources.

In 2020, PubRec, LLC (owners of TruthFinder and Instant Checkmate) merged with PeopleConnect Holdings, Inc. (owners of Classmates and Intellius), creating an extensive portfolio of services specializing in finding information about people.

Stolen data leaked on hacking forum

On January 21, a member of the Breached data breach and hacking forum leaked the data of allegedly 20.22 million TruthFinder and Instant Checkmate customers who used the services through April 16, 2019.

The stolen data was shared as two 2.9 GB CSV files containing only customer information before the backup was created on April 16, 2019.

The threat actor claimed that the data was as follows:

| File                          User Count
+-----------------------------------------
| InstantCheckMate............: 11,945,733
| TruthFinder.................: 8,270,551
| TruthFinderInternational....: 4,625
| Others......................: 98

Exposed customer information from TruthFinder and Instant Checkmate includes email addresses, hashed passwords, first and last names, and phone numbers.

Pompompurin, the owner of the Breached forum, told BleepingComputer that the data was stolen from an exposed database backup found by a forum member.

Confirmed Data Breach

After BleepingComputer and Have I Been Pwned’s Troy Hunt contacted PeopleConnect about the data leak earlier this week, the company immediately launched an investigation and was transparent about its intentions to disclose the incident.

Today, PeopleConnect posted reviews on both Instant checkmate And TruthFinder confirming that both services suffered a data breach.

“We recently learned that a list, including name, email, phone number in some cases, as well as securely encrypted passwords and expired and inactive password reset tokens , of TruthFinder subscribers was being discussed and made available on an online forum,” reads the data security incident notice.

“We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019. The published list is from our company.”

While PeopleConnect is still investigating the incident, the company says it appears to be “an inadvertent leak or theft of a particular listing.”

The company engaged with a third-party cybersecurity firm to investigate the incident and found no evidence of a breach in its network.

PeopleConnect warns to be on the lookout for targeted phishing attacks and will provide further updates as more information becomes available.