The researcher Jeremiah Fowler discovered an unsecured database exposed online that belong to car dealership marketing firm Dealer Leads.
The archive containing 198 million records for a total of 413GB of data containing information of potential car buyers, vehicles, loan and finance inquiries, log data with IP addresses of visitors, and more.
“On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of 198 million records. The most shocking part was that I had seen this dataset several times in the previous weeks, but was unable to identify the owner.” reports Security Discovery. “I spent several days trying to identify the owner of the database and there was no clear indication in the millions of records.”
Dealer Leads provides content relevant and related to the auto industry for franchise and independent car dealerships, the website of the company describes itself with the following statement.
“dominates the automotive digital marketing industry with highly used automobile search strings turned i
The Elastic database was accessible to anyone with any browser, its records included name, email, phone, address, IP, and other sensitive or identifiable information, in plain text.
The archive also included IP addresses, ports, pathways, and storage info.
The good news is that after the expert reported his discovery to the company, it has secured the database restricting public access to the archive.
At the time of writing it is not clear how long the data remained exposed online and if someone had access to its records.
“Dealer Leads acted fast to restrict public access immediately after the notification. Unfortunately, the data
“It is unclear if Dealer Leads has notified individuals, dealerships, or authorities about the data incident. Because of the size and scope of the network applicants and potential customers may not know if their data was exposed,”
(SecurityAffairs – hacking, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.