March 20, 2024

It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Responding to a reader inquiry concerning the trustworthiness of a site called TruePeopleSearch[.]net, KrebsOnSecurity began poking around. The site offers to sell reports containing photos, police records, background checks, civil judgments, contact information “and much more!” According to LinkedIn and numerous profiles on websites that accept paid article submissions, the founder of TruePeopleSearch is Marilyn Gaskell from Phoenix, Ariz.

The saucy yet studious LinkedIn profile for Marilyn Gaskell.

Ms. Gaskell has been quoted in multiple “articles” about random subjects, such as this article at HRDailyAdvisor about the pros and cons of joining a company-led fantasy football team.

“Marilyn Gaskell, founder of TruePeopleSearch, agrees that not everyone in the office is likely to be a football fan and might feel intimidated by joining a company league or left out if they don’t join; however, her company looked for ways to make the activity more inclusive,” this paid story notes.

Also quoted in this article is Sally Stevens, who is cited as HR Manager at FastPeopleSearch[.]io.

Sally Stevens, the phantom HR Manager for FastPeopleSearch.

“Fantasy football provides one way for employees to set aside work matters for some time and have fun,” Stevens contributed. “Employees can set a special league for themselves and regularly check and compare their scores against one another.”

Imagine that: Two different people-search companies mentioned in the same story about fantasy football. What are the odds?

Both TruePeopleSearch and FastPeopleSearch allow users to search for reports by first and last name, but proceeding to order a report prompts the visitor to purchase the file from one of several established people-finder services, including BeenVerified, Intelius, and Spokeo.

DomainTools.com shows that both TruePeopleSearch and FastPeopleSearch appeared around 2020 and were registered through Alibaba Cloud, in Beijing, China. No other information is available about these domains in their registration records, although both domains appear to use email servers based in China.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com. Ms. Stevens is also quoted in a paid blog post at ecogreenequipment.com, as is Alina Clark, co-founder and marketing director of CocoDoc, an online service for editing and managing PDF documents.

The profile photo for Alina Clark is a stock photo appearing on more than 100 websites.

Scouring multiple image search sites reveals Ms. Clark’s profile photo on LinkedIn is another stock image that is currently on more than 100 different websites, including Adobe.com. Cocodoc[.]com was registered in June 2020 via Alibaba Cloud Beijing in China.

The same Alina Clark and photo materialized in a paid article at the website Ceoblognation, which in 2021 included her at #11 in a piece called “30 Entrepreneurs Describe The Big Hairy Audacious Goals (BHAGs) for Their Business.” It’s also worth noting that Ms. Clark is currently listed as a “former Forbes Council member” at the media outlet Forbes.com.

Entrepreneur #6 is Stephen Curry, who is quoted as CEO of CocoSign[.]com, a website that claims to offer an “easier, quicker, safer eSignature solution for small and medium-sized businesses.” Incidentally, the same photo for Stephen Curry #6 is also used in this “article” for #22 Jake Smith, who is named as the owner of a different company.

Stephen Curry, aka Jake Smith, aka no such person.

Mr. Curry’s LinkedIn profile shows a young man seated at a table in front of a laptop, but an online image search shows this is another stock photo. Cocosign[.]com was registered in June 2020 via Alibaba Cloud Beijing. No ownership details are available in the domain registration records.

Listed at #13 in that 30 Entrepreneurs article is Eden Cheng, who is cited as co-founder of PeopleFinderFree[.]com. KrebsOnSecurity could not find a LinkedIn profile for Ms. Cheng, but a search on her profile image from that Entrepreneurs article shows the same photo for sale at Shutterstock and other stock photo sites.

DomainTools says PeopleFinderFree was registered through Alibaba Cloud, Beijing. Attempts to purchase reports through PeopleFinderFree produce a notice saying the full report is only available via Spokeo.com.

Lynda Fairly is Entrepreneur #24, and she is quoted as co-founder of Numlooker[.]com, a domain registered in April 2021 through Alibaba in China. Searches for people on Numlooker forward visitors to Spokeo.

The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly. But a search on that photo shows this same portrait has been used by many other identities and names, including a woman from the United Kingdom who’s a cancer survivor and mother of five; a licensed marriage and family therapist in Canada; a software security engineer at Quora; a journalist on Twitter/X; and a marketing expert in Canada.

Cocofinder[.]com is a people-search service that launched in Sept. 2019, through Alibaba in China. Cocofinder lists its market officer as Harriet Chan, but Ms. Chan’s LinkedIn profile is just as sparse on work history as the other people-search owners mentioned already. An image search online shows that outside of LinkedIn, the profile photo for Ms. Chan has only ever appeared in articles at pay-to-play media sites, like this one from outbackteambuilding.com.

Perhaps because Cocodoc and Cocosign both sell software services, they are actually tied to a physical presence in the real world — in Singapore (15 Scotts Rd. #03-12 15, Singapore). But it’s difficult to discern much from this address alone.

Who’s behind all this people-search chicanery? A January 2024 review of various people-search services at the website techjury.com states that Cocofinder is a wholly-owned subsidiary of a Chinese company called Shenzhen Duiyun Technology Co.

“Though it only finds results from the United States, users can choose between four main search methods,” Techjury explains. Those include people search, phone, address and email lookup. This claim is supported by a Reddit post from three years ago, wherein the Reddit user “ProtectionAdvanced” named the same Chinese company.

Is Shenzhen Duiyun Technology Co. responsible for all these phony profiles? How many more fake companies and profiles are connected to this scheme? KrebsOnSecurity found other examples that didn’t appear directly tied to other fake executives listed here, but which nevertheless are registered through Alibaba and seek to drive traffic to Spokeo and other data brokers. For example, there’s the winsome Daniela Sawyer, founder of FindPeopleFast[.]net, whose profile is flogged in paid stories at entrepreneur.org.

Google currently turns up nothing else for in a search for Shenzhen Duiyun Technology Co. Please feel free to sound off in the comments if you have any more information about this entity, such as how to contact it. Or reach out directly at krebsonsecurity @ gmail.com.

A mind map highlighting the key points of research in this story. Click to enlarge. Image: KrebsOnSecurity.com

ANALYSIS

It appears the purpose of this network is to conceal the location of people in China who are seeking to generate affiliate commissions when someone visits one of their sites and purchases a people-search report at Spokeo, for example. And it is clear that Spokeo and others have created incentives wherein anyone can effectively white-label their reports, and thereby make money brokering access to peoples’ personal information.

Spokeo’s Wikipedia page says the company was founded in 2006 by four graduates from Stanford University. Spokeo co-founder and current CEO Harrison Tang has not yet responded to requests for comment.

Intelius is owned by San Diego based PeopleConnect Inc., which also owns Classmates.com, USSearch, TruthFinder and Instant Checkmate. PeopleConnect Inc. in turn is owned by H.I.G. Capital, a $60 billion private equity firm. Requests for comment were sent to H.I.G. Capital. This story will be updated if they respond.

BeenVerified is owned by a New York City based holding company called The Lifetime Value Co., a marketing and advertising firm whose brands include PeopleLooker, NeighborWho, Ownerly, PeopleSmart, NumberGuru, and Bumper, a car history site.

Ross Cohen, chief operating officer at The Lifetime Value Co., said it’s likely the network of suspicious people-finder sites was set up by an affiliate. Cohen said Lifetime Value would investigate to determine if this particular affiliate was driving them any sign-ups.

All of the above people-search services operate similarly. When you find the person you’re looking for, you are put through a lengthy (often 10-20 minute) series of splash screens that require you to agree that these reports won’t be used for employment screening or in evaluating new tenant applications. Still more prompts ask if you are okay with seeing “potentially shocking” details about the subject of the report, including arrest histories and photos.

Only at the end of this process does the site disclose that viewing the report in question requires signing up for a monthly subscription, which is typically priced around $35. Exactly how and from where these major people-search websites are getting their consumer data — and customers — will be the subject of further reporting here.

The main reason these various people-search sites require you to affirm that you won’t use their reports for hiring or vetting potential tenants is that selling reports for those purposes would classify these firms as consumer reporting agencies (CRAs) and expose them to regulations under the Fair Credit Reporting Act (FCRA).

These data brokers do not want to be treated as CRAs, and for this reason their people search reports typically don’t include detailed credit histories, financial information, or full Social Security Numbers (Radaris reports include the first six digits of one’s SSN).

But in September 2023, the U.S. Federal Trade Commission found that TruthFinder and Instant Checkmate were trying to have it both ways. The FTC levied a $5.8 million penalty against the companies for allegedly acting as CRAs because they assembled and compiled information on consumers into background reports that were marketed and sold for employment and tenant screening purposes.

The FTC also found TruthFinder and Instant Checkmate deceived users about background report accuracy. The FTC alleges these companies made millions from their monthly subscriptions using push notifications and marketing emails that claimed that the subject of a background report had a criminal or arrest record, when the record was merely a traffic ticket.

The FTC said both companies deceived customers by providing “Remove” and “Flag as Inaccurate” buttons that did not work as advertised. Rather, the “Remove” button removed the disputed information only from the report as displayed to that customer; however, the same item of information remained visible to other customers who searched for the same person.

The FTC also said that when a customer flagged an item in the background report as inaccurate, the companies never took any steps to investigate those claims, to modify the reports, or to flag to other customers that the information had been disputed.

There are a growing number of online reputation management companies that offer to help customers remove their personal information from people-search sites and data broker databases. There are, no doubt, plenty of honest and well-meaning companies operating in this space, but it has been my experience that a great many people involved in that industry have a background in marketing or advertising — not privacy.

Also, some so-called data privacy companies may be wolves in sheep’s clothing. On March 14, KrebsOnSecurity published an abundance of evidence indicating that the CEO and founder of the data privacy company OneRep.com was responsible for launching dozens of people-search services over the years.

Finally, some of the more popular people-search websites are notorious for ignoring requests from consumers seeking to remove their information, regardless of which reputation or removal service you use. Some force you to create an account and provide more information before you can remove your data. Even then, the information you worked hard to remove may simply reappear a few months later.

This aptly describes countless complaints lodged against the data broker and people search giant Radaris. On March 8, KrebsOnSecurity profiled the co-founders of Radaris, two Russian brothers in Massachusetts who also operate multiple Russian-language dating services and affiliate programs.

The truth is that these people-search companies will continue to thrive unless and until Congress begins to realize it’s time for some consumer privacy and data protection laws that are relevant to life in the 21st century. Duke University adjunct professor Justin Sherman says virtually all state privacy laws exempt records that might be considered “public” or “government” documents, including voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, bankruptcy filings, and more.

“Consumer privacy laws in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia all contain highly similar or completely identical carve-outs for ‘publicly available information’ or government records,” Sherman said.


26 thoughts on “The Not-so-True People-Search Network from China

    1. Adam

      I’ve been down the endato research path before. A search for that url will bring up plenty of other referrals
      site:https://endato.com/sign-up/
      FastBackgroundCheck
      PeopleSearchNow
      FastPeopleSearch
      TruePeopleSearch
      SearchPeopleFree
      SmartBackgroundChecks
      USPhoneBook
      AdvancedBackgroundChecks
      CyberBackgroundChecks
      FamilyTreeNow

      Reply
  1. Bill Muhr

    Hahaha, typical NSA rat Krebs. Trying to blame the fact that the American empire makes so called ‘personal information’ public record on devious Chinamen. Maybe the great Satan should just.. have privacy laws, as civilized governments like the PRC do?

    Reply
    1. Dennis

      I wonder where do these trolls come from. Do you watch Krebs’ rss feed in your KGB bunker, or what? Must be an honor for Krebs.

      Reply
    2. an_n

      Derp. In soviet China, privacy law jails YOU!

      Enjoy your stay at the Beijing 4 Seasonings, “CEO.”

      Reply
    3. Hadron Collision Manic Mechanic

      The last real contribution China gave to the world was pasta noodles to the Italians back in the 1500s.
      And Taiwan is a free and independent country, Billyboy.

      Reply
    4. Bobby G

      Why not supply your actual Chinese name, “Mr Bill Muhr”? You left a dozen clues in your poorly written criticism of Krebs’ research and analysis. The only people holding up China’s “privacy laws” and its “civilized government” would be state-supported lemmings, terrified of criticizing the PRC and ending up in a re-education camp.

      Reply
  2. Jojo

    I’ve used these sites for genealogical research. They are helpful in filling in blanks in family trees or discovering the contact info for people who don’t respond to internal messaging on Ancestry, MyHeritage, etc.

    Spokeo reports and support sucks bigly! Their info is old and unreliable. And the display formats are purposefully designed to scatter info on multiple reports, making it difficult to save info via screenshots. Of course, if you purchase their PDF extra add-on, that problem goes away. Don’t buy anything from this service.

    Reply
    1. an_n

      They usually all get the same data from the same places.
      Which ones did you use that were different or better?

      Reply
    2. Drew

      ‘Genealogical research’ is no excuse for violating privacy. We all have the right to be forgotten.

      Reply
  3. Dennis

    Spokeo is one dodgy company. I’m sure you’d find some shady connection, Brian, if you dig a little bit into it.

    Reply
  4. DaBunny

    Typo?

    “…Eden Cheng, who is cited as co-founder of PeopleFinderFree[.]com. KrebsOnSecurity could not find a LinkedIn profile for Ms. Chen…”

    Is “Eden’s” surname Chen or Cheng?

    Unrelated, but I really like the mind maps you’ve started including in your pieces.

    Reply
  5. Andrea

    Check out Jordan Manavian, VP of Product, Endato at Enformion, “has extensive work experience in product management, marketing, and strategy. Currently, they serve as the VP of Product for Endato at Enformion, Inc. Prior to this role, they were the Director of Product Management at PeopleFinders from July 2018 to May 2022. Jordan also held the position of Director of Product Management at Spokeo from August 2016 to July 2018.” Source: https://theorg.com/org/enformion/org-chart/jordan-manavian

    Reply
  6. Linda J Grubbs

    Try contacting Congressman Sheldon Whitehouse. He seems to have integrity and a willingness to investigate. If he personally cannot take on another project, he may be able to refer to an appropriate committee. Thank you for all you do.

    Reply
  7. Catwhisperer

    Excellent bust, LOL! But I believe you’ve just scratched the surface of how far this goes. People search, IMHO, is chump change in the big scheme of things. It’s a ripoff, and sophisticated consumers know that. But the idea that somebody offshore can just fabricate a company with a putative US address but NO physical presence is scary. Imagine you need medical care and you search on your favorite social media account. You find a local doctor for sure, but when you check on the doctor’s domain because you’re a geek, you get something that resides behind the Great Firewall. Been there done that.

    Freedom is great until it becomes a free for all, and you’re the commodity…

    Reply
  8. Susiecutie

    So basically LinkedIn is a garbage profile site?Especially since its free? Anyone can create multiple profiles on there. Perhaps LinkedIn should require better proof that profiles are legitimate. Do the people in the photos even know their photos are being used on various accounts? Or is this another big business? Sell my portraits and give up my portrait use rights?

    Reply
    1. mealy

      ^ Bingo. I’ve been saying it so long I forget. LinkedIn is more evil than it is necessary.

      That the Chorcs used searchable stock photos instead of new AI generated headshots
      is just testament to how cut/paste lazy these search aggregator business models are.
      (“Models” who sign away their headshots for stock photos got their first run pennies,
      but these scammers of course aren’t paying for minimal image rights. Don’t sell out
      and you won’t later be a mislabeled commodity in a shady info-broker’s scam, right?)

      Reply
  9. Bob

    “Consumer privacy laws in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia all contain highly similar or completely identical carve-outs for ‘publicly available information’ or government records,” Sherman said.

    Your tax dollars at work.

    Reply
  10. HK

    I would suggest that you translate Shenzhen Duiyun into Chinese with Google Translate, which I did (深圳对云). This is what I found: https://www.google.com/search?q=%22%E6%B7%B1%E5%9C%B3%E5%AF%B9%E4%BA%91%22&sca_esv=97d3c4185a5a42ee&ei=pB7-Zf1I8f-m1A_CloSACg&ved=0ahUKEwj9qqj4jImFAxXxv4kEHUILAaAQ4dUDCBA&uact=5&oq=%22%E6%B7%B1%E5%9C%B3%E5%AF%B9%E4%BA%91%22&gs_lp=Egxnd3Mtd2l6LXNlcnAiDiLmt7HlnLPlr7nkupEiSNYTUMoLWMoLcAF4AJABAJgBpgGgAaICqgEDMC4yuAEDyAEA-AEC-AEBmAIBoAIKwgIKEAAYRxjWBBiwA5gDAIgGAZAGCpIHATGgB4UG&sclient=gws-wiz-serp
    But when I Googled with 深圳对云科技有限, there were more sites. I think you could get some idea about this company this way. From one of the sites I found (I translated Chinese contents into English with Google Translate):
    Company Introduction
    About the company:
    Cloud Technology is an Internet entrepreneurial company that provides consumer software and cloud-end SAAS products for overseas markets. At present, company software is located in dozens of countries including the United States, the United Kingdom, Canada, Russia, Japan, Australia, and South America.

    Other sites provide some other info. such as when it was established [Established:4 years( Registration time: 2020-03-26)] or address (深圳市龙华区大浪街道龙平社区鸿荣源尚峻二期3B栋1607), or contact person’s name (朱陈彪/Zhu Chenbiao). Interesting, huh?

    Reply
  11. Bob

    There actually was a time in the early 2000s when there were some trustworthy and often free services for looking up phone numbers for legitimate reasons. When most people still had a landline in addition to a mobile device whitepages[.]com was great for checking who called you. And it was free. No idea who owns that now as ATT sold all of that business off.

    In the last 10 years, I have only used a reverse number lookup service once after someone was illegally opening credit card accounts in my name and all I had to go off of was a phone number. There really are NO free people/phone lookup services anymore regardless of what they are named or claim. I really wanted to bust the thieves stealing from me so I was willing to pay $20 for a one-time search. The results were less than worthless and were minimal results I could have gotten with a standard Google search. If you read the fine print, there are no refunds so even if they return no useful information you have no recourse.

    IMHO being able to do a reverse lookup on a phone number should be a free and regulated service to help protect consumers.

    Reply
    1. Fr00tL00ps

      “being able to do a reverse lookup on a phone number should be a free and regulated service to help protect consumers.”

      Unfortunately, humanity has proven time and again that community services/tools/policies that were originally implemented for the greater good in mind, someone ALWAYS finds a way to use those very services/tools/policies for their own selfish means, for which, were not their intended purpose and consequentially someone else’s disadvantage.

      Before mobile phones, if you were a domestic violence victim or similar vulnerable member of the community, you could apply to telecom companies to have your landline “unlisted” in the white-pages for free, generally by court order. But those very same companies soon realised they could monetise this as a service. Wealthy clients and corporations soon jumped on the bandwagon to obtain “private” numbers, when really, they weren’t the intended demographic for the service.

      Nowadays, the idea has been sullied and the average person will not answer an unlisted or private number, particularly when scam calls are so prevalent or it’s a big corporation that really should have nothing to hide.

      I genuinely understand your frustration, but unfortunately knowing human nature, I don’t believe a regulated reverse lookup service will work as intended, because someone WILL inevitably take advantage of it and it WILL be to the detriment of others. In your case, filing a police report would allow a court to gather all the information you should need. Which is as it should be; letting the proper authorities deal with the situation.

      Reply
  12. upstream

    You would think that something could be done about Radis in particular given that they serve no real legitimate purpose. Why do they provide the first 6 digits of the SSN? I believe they do it because the last 4 are out there everywhere and is used for all sort of purposes that it should not be used. Thus, it acts as a completion service for the SSN number from a vendor that will provide data to everyone that gives it a few bucks.

    Reply
  13. CuriousGeorge

    I found that a lot of the personal data comes directly from Transunion. I discovered this by doing searches on myself and finding data that was only on Transunion. It was inaccurate data that I informed them about but they wouldn’t delete. It doesn’t exist in any of the other credit reporting agencies. So that one wrong letter in my name has always been a junk snail mail warning and it goes into the trash unopened. Makes sorting out the junk mail easy. Seems like Transunion will sell your data to everyone.

    Reply
    1. an_n

      Makes a security minded individual want to give 3 distinct profiles to the 3 agencies.
      For triangulation, as they like.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *