Cybersecurity researcher Jeremiah Fowler uncovered an unsecured database containing over 644,000 records belonging to SL Data Services, a company that provides information research services under the Propertyrec brand.
The exposed database, which was left without password protection or encryption, held sensitive documents totaling 713.1 GB. These included court records, vehicle registration details, property ownership reports, and a significant number of background checks.
The leaked files contained detailed personal information such as full names, home addresses, phone numbers, email addresses, employment histories, family connections, social media profiles, and even criminal records. Fowler confirmed the accuracy of the data through a limited sample, raising serious concerns about privacy and security. He noted that such comprehensive personal profiles could easily be exploited for identity theft, phishing scams, or other malicious activities.
SL Data Services operates a network of websites, including Propertyrec, which advertises property research and real estate data. However, it also provides background checks, DMV records, and other personal data. Despite Fowler’s responsible disclosure notice, the company did not respond or clarify whether the database was managed internally or by a third party. Public access to the database was restricted over a week after the discovery, during which time the number of documents increased from 513,876 to 664,934, suggesting ongoing activity.
One concerning aspect of the breach was the use of filenames containing personal details, such as “First_Middle_Last_State.PDF.” While this may have been intended to organize files, it created additional risk: filenames and directory structures expose that metadata even if the file contents had been encrypted. Fowler emphasized that such practices highlight the need for organizations to implement better security protocols, including using random identifiers for files, encrypting sensitive data, and monitoring access logs for suspicious activity.
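The random-identifier recommendation above, as an added example (not code from the article, from Fowler, or from the company): it flags names shaped like the quoted pattern and assigns each a random storage key, keeping the parsed fields in a separate index. The regex, the function names and the sample filenames are assumptions constructed for illustration.

```python
import re
import secrets

# Matches names shaped like the quoted "First_Middle_Last_State.PDF" pattern:
# three alphabetic name parts, a two-letter state code, and a .pdf extension.
PII_NAME = re.compile(
    r"^([A-Za-z'-]+)_([A-Za-z'-]+)_([A-Za-z'-]+)_([A-Za-z]{2})\.pdf$",
    re.IGNORECASE,
)


def opaque_key(ext=".pdf"):
    """Return a storage name that carries no information about the subject."""
    return secrets.token_hex(16) + ext  # 128 bits from the OS CSPRNG


def plan_renames(filenames):
    """Return (index, untouched) for a directory listing.

    index maps each new opaque key to the fields parsed from the old name and
    belongs in an access-controlled store, not beside the files themselves.
    untouched lists names that did not match the pattern.
    """
    index, untouched = {}, []
    for name in filenames:
        m = PII_NAME.match(name)
        if not m:
            untouched.append(name)
            continue
        key = opaque_key()
        while key in index:  # collisions are not expected; guard anyway
            key = opaque_key()
        first, middle, last, state = m.groups()
        index[key] = {"first": first, "middle": middle, "last": last,
                      "state": state.upper(), "old_name": name}
    return index, untouched


# Constructed sample listing (not data from the incident).
SAMPLE = ["Jane_Q_Public_TX.PDF", "John_A_Doe_ca.pdf", "report-2024.pdf"]

if __name__ == "__main__":
    index, untouched = plan_renames(SAMPLE)
    for key, meta in index.items():
        print(f"{meta['old_name']} -> {key}")
    print("left as-is:", untouched)
```

Opaque names only remove the leak through the listing; the index and the file contents still need encryption and access control of their own.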
This incident is the latest in a string of data breaches that have exposed the personal information of millions. It follows the August 2024 National Public Data breach, where hackers gained access to a background check service and offered the stolen data on the dark web for $3.5 million. The recurring theme of improperly secured databases underscores the urgent need for companies to take data protection more seriously.
While SL Data Services has yet to comment on the breach, Fowler’s discovery serves as a stark reminder of the risks associated with mishandling sensitive information. His investigation, conducted under strict ethical guidelines, aims to raise awareness and encourage organizations to strengthen their cybersecurity measures before it’s too late.
Bijay Pokharel