There’s a new large privacy incident regarding an unprotected database that affects 49 million business contacts. This database containing sensitive information is currently being sold on an underground hacking forum, ZDNet reports.
It seems that the data comes from LimeLeads, a B2B leads generator based in San Francisco. Apparently, ZDNet was tipped off two weeks ago that a cybercriminal called Omnichorus was selling the company’s data online. Omnichorus is a well-known name in the underground world, with a good reputation for selling hacked or stolen data. In other words, Omnichorus is a data trader.
What is the reason for the LimeLeads data leak?
At first, security researchers thought that LimeLeads had been hacked and that the leak was the result of a cyberattack. Analysis, however, shows that the company had not secured its internal server with a password. This lack of basic protection left the data vulnerable, as anyone with access to the internet could reach it.
The incident has been confirmed by Bob Diachenko, a security researcher who searches the internet for exposed databases and then notifies affected companies, ZDNet says. The researcher notified LimeLeads of the exposed server last September. LimeLeads reacted promptly, and the server was secured the next day. However, the company wasn’t in luck. The time its server was exposed on the internet was enough for Omnichorus to obtain the data himself and start selling it.
What’s in the LimeLeads dataset?
Researchers say that the exposed data includes business details such as full name, title, user email, employer or company name, company address, city, state, ZIP, phone number, website URL, total revenue of the specific company, and the estimated number of employees. This data is more than enough to fuel various malicious attacks such as spear phishing and targeted attempts against exposed companies.
LimeLeads has yet to comment on the data leak.
Not the first scary leak of personal details in 2020, either
Just last week, security researchers reported that a database belonging to CheckPeople.com, containing the personal details of 56.25 million US residents, was exposed. The details are very sensitive, including names, home addresses, phone numbers, and ages, The Register reported.
CheckPeople.com is a typical website for finding people for a fee. Any user who pays the fee can enter a person’s name and look up that person’s current and past addresses, phone number, email address, and in some cases, even criminal records.