Unsecured cloud database leaked personal information of over 100m US citizens

An upcoming B2B gross sales and advertising firm leaked personally identifiable data (PII) of as much as 126 million US residents, in line with cybersecurity researchers.

Researchers at vpnMentor found an unsecured database Now’s cloud computing platform AWS, which they traced again to the US-based advertising firm OneMoreLead.

vpnMentor argues that the knowledge within the database, which included e-mail addresses, dwelling handle, and cellphone numbers, and extra may simply have been used to perpetrate identity theft, financial fraud, or be used to devise effective phishing campaigns. 

Moreover, the database additionally contained job titles, title of the employer, and work contact particulars of the people, which vpnMentor believes could possibly be used to conduct enterprise e-mail compromise scams. 

Mysterious origins

Whereas OneMoreLead have been fast to guard the database as soon as alerted, vpnMentor has additionally raised questions concerning the origins of the info.

In keeping with vpnMentor’s report, OneMoreLead claims to have over 40 million purchasers, though it doesn’t record them on its web site. Moreover, vpnMentor says the corporate began in 2020 and it’s “unlikely they collected knowledge from 126 million individuals since opening in 2020.”

Curiously, vpnMentor says that the uncovered knowledge bears an uncanny resemblance to a leak initially linked to German B2B advertising firm Leadhunter in 2020, who, again then, had denied possession of the leaked knowledge.

In any case, the researchers recommend that such leaks from unprotected databases have gotten extra frequent. 

“Nonetheless, any leak like this could possibly be simply prevented with some fundamental safety measures taken together with securing servers, implementing correct entry guidelines, and by no means leaving a system that doesn’t require authentication open to the web,” recommend vpnMentor researchers, Noam Rotem and Ran Locar.