49 million user records from US data broker LimeLeads were available for sale on a hacking forum, the data were exposed on an Elasticsearch server.
Exposed LimeLeads data contains full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.
The news was first reported by ZDNet, LimeLeads offers access to its database that contains business contacts that can be used for marketing activities.
ZDNet was alerted of availability online of the records two weeks ago, a hacker that goes online with the handle Omnichorus was selling LimeLeads’ data online
“Sources in the threat intelligence community have told ZDNet that Omnichorus is a well-known individual on underground hacking forums, having built a reputation for sharing and selling hacked or stolen data — a so-called “data trader.”” reported ZDNet.
The company failed to configure its Elasticsearch server and accidentally exposed it online allowing anyone to access its content.
The popular data leak hunter Bob Diachenko confirmed to ZDNet exposed records were stored in an internal Elasticsearch server that was accidentally exposed online and indexed by the search engine Shodan since at least July 27, 2019.
A threat actor could launch a spear-phishing attack against them and perform a
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.