Hacker offers for sale 49 million user records from US data broker LimeLeads

Pierluigi Paganini January 15, 2020

49 million user records from US data broker LimeLeads were available for sale on a hacking forum.

49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server.

Exposed LimeLeads data contains full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.

The news was first reported by ZDNet, LimeLeads offers access to its database that contains business contacts that can be used for marketing activities.

ZDNet was alerted of availability online of the records two weeks ago, a hacker that goes online with the handle Omnichorus was selling LimeLeads’ data online.

“Sources in the threat intelligence community have told ZDNet that Omnichorus is a well-known individual on underground hacking forums, having built a reputation for sharing and selling hacked or stolen data — a so-called “data trader.”” reported ZDNet.

The company failed to configure its Elasticsearch server and accidentally exposed it online allowing anyone to access its content.

The popular data leak hunter Bob Diachenko confirmed to ZDNet exposed records were stored in an internal Elasticsearch server that was accidentally exposed online and indexed by the search engine Shodan since at least July 27, 2019.

Diachenko also added that he already reported the presence of the data online to LimeLeads on September 16, and that the company secured the Elasticsearch DB in just one day. This means that the database remained exposed online for more than a month and that likely someone has accessed its content and tried to monetize from the sale of the data.

Omnichorus started selling the data since October 2019, the availability of these data online pose a risk for companies and individuals whose data were included in the database.

A threat actor could launch a spear-phishing attack against them and perform a broad range of malicious activities.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – LimeLeads, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment