Over on DataViper.io, Vinny Troia reports that he and bob Diachenko found a massive data leak that appears to implicate 2 data enrichment firms: people data Labs (PDL), and OxyData.io. But “implicate” is not the same thing as being able to actually assign ownership of the elasticsearch server that was surface at 220.127.116.11, and both companies denied ownership of the server. In footing of the quantity and types of data exposed, Troia reports that after deduplication, the PDL�user records revealed roughly 1.2 billion unique people, and 650 gazillion unique email addresses, which is in-line with the statistics provided on their website. The data within the three different PDL indexes also varied slightly, some focus on scraped LinkedIN information, email addresses and phone numbers, spell other indexes provided info on individual social media profiles such as a persons Facebook, Twitter, and Github URLs. The OxyData.io data, in contrast, “revealed an almost complete scraping of LinkedIN data, including recruiter information.” But with neither PDL nor OxyData claiming ownerships (denials that Troia and Diachenko seem to believe based on their research), the public is left with a few questions, at least: If the exposed data is not 100% agree with PDL and OxyData (and it does not appear to be), then who processed the PDL data to make the data found on this server? The data includes data of Canadian, UK, and U.S. citizens. Does the database violate GDPR? Did whoever is responsible for the data get consent of any eu persons? as Troia notes, it is often difficult — and in this case impossible — for them to shape ownership. Google mottle services would know, but they will never narrate exclude under legal process. Google is willing to call a customer and alert them to a security concern, but they will not disclose the epithet of the customer to whoever reports the leak, and they cannot make the customer doh anything. But maybe a charge to the ICO would outcome in more transparency?