ZDNet has reported that a hacker is currently selling a database containing 49 million business contacts on an underground hacking forum.
After receiving a tip from one of its readers, ZDNet reported that it had become aware that a threat actor, dubbed Omnichorus, has been selling data belonging to San Francisco-based business-to-business leads generator, LimeLeads.
Security researcher Bob Diachenko confirmed that the company’s Elasticsearch server had been left open since July 27, 2019. Diachenko added that he notified LimeLeads on September 16, last year, about the exposed server to which it was secured a day later.
However, despite securing the server it appears that Omnichrous managed to obtain the company’s data and has been selling it online since October last year.
According to Diachenko, the data contains full names, titles, emails, phone numbers, employer names, company addresses, website URLs, the total revenue made and the company’s estimated number of employees.
If the data is sold, it leaves companies and its employees vulnerable to spear-phishing attacks.
Just recently, thousands of images and videos of babies have been leaked online due to an Elasticsearch database being left open without any password protection.
The post #Privacy: Over 45m user records from US data broker LimeLeads are up for sale appeared first on PrivSec Report.