[BreachExchange] Hacker offers for sale 49 million user records from US data broker LimeLeads

Destry Winant destry at riskbasedsecurity.com
Thu Jan 16 08:21:05 EST 2020


https://securityaffairs.co/wordpress/96432/data-breach/limeleads-data-leak.html

49 million user records from US data broker LimeLeads were available
for sale on a hacking forum; the data were exposed on an Elasticsearch
server.

Exposed LimeLeads data contains full name, title, user email,
employer/company name, company address, city, state, ZIP, phone
number, website URL, company total revenue, and the company’s
estimated number of employees.

The news was first reported by ZDNet. LimeLeads offers access to its
database of business contacts that can be used for marketing
activities.

ZDNet was alerted to the availability of the records online two weeks
ago; a hacker who goes online with the handle Omnichorus was selling
LimeLeads’ data online.

“Sources in the threat intelligence community have told ZDNet that
Omnichorus is a well-known individual on underground hacking forums,
having built a reputation for sharing and selling hacked or stolen
data — a so-called ‘data trader,’” reported ZDNet.

The company failed to configure its Elasticsearch server and
accidentally exposed it online, allowing anyone to access its content.

The popular data leak hunter Bob Diachenko confirmed to ZDNet that the
exposed records were stored in an internal Elasticsearch server that
was accidentally exposed online and had been indexed by the search
engine Shodan since at least July 27, 2019.

Diachenko also added that he had already reported the presence of the
data online to LimeLeads on September 16, and that the company secured
the Elasticsearch DB in just one day. This means that the database
remained exposed online for more than a month and that someone likely
accessed its content and tried to monetize it by selling the data.

Omnichorus started selling the data in October 2019. The availability
of these data online poses a risk for companies and individuals whose
data were included in the database.

A threat actor could launch a spear-phishing attack against them and
perform a broad range of malicious activities.

