49 Million Business Records Are Sold Online After The LimeLeads Elasticsearch Server Data Breach

LimeLeads Data Leak

Those of you who follow cybersecurity news closely are probably getting pretty tired of hearing about the next in a very long line of companies that have put a huge amount of sensitive data in an internet-connected server and have failed to protect it with a password. If, on the other hand, you don't follow the news closely, you might be surprised to find out that this is the reason for the vast majority of recent data security incidents.

In fact, researchers like Bob Diachenko discover misconfigured databases and servers on an almost daily basis. Fortunately, more often than not, the consequences of such leaks are not that severe. Usually, the experts manage to notify either the owner of the data or the company that hosts it before the criminals get to it. Most organizations act quickly, and the leaks are plugged before the information ends up in the wrong hands. In the case of LimeLeads, however, the criminals did access the unprotected database before it was taken down, and now tens of millions of records are offered for sale on an underground hacking forum.

A data trader sells close to 50 million stolen business records

A couple of weeks ago, ZDNet's Catalin Cimpanu was tipped off about the sale of a large database on a hacking forum. The reporter followed the lead and saw that a cybercriminal going by the nickname Omnichorus was trying to shift 49 million business records stolen from a company called LimeLeads in exchange for an undisclosed sum.

LimeLeads has an entire series of short educational videos called The Cold Email Playbook, which probably gives you an idea of what the company's business plan is. It collects vast volumes of business email addresses and contact details and organizes them in a database. Paying customers get access to that database, and the more expensive the subscription, the greater the number of contacts they can download every month. Thanks to Omnichorus, however, crooks can get their hands on this massive volume of information for what is presumably a fraction of the price.

How did the data end up on a hacking forum?

Catalin Cimpanu spoke to people familiar with the underground data trading market, who told him that Omnichorus is not a newcomer. In fact, Cimpanu was informed that the person selling the 49 million records has been in the business for a while now. He has always been considered a data broker rather than an out-and-out hacker, though. Despite this, ZDNet's reporter thought that the person who stole the database had done it after breaking through LimeLeads' security, but Bob Diachenko informed him that his assumptions were wrong.

Diachenko first saw LimeLeads' database on September 16, 2019, when he found it on an unprotected Elasticsearch server. He got in touch with the data company, and the information was pulled offline within a day. The researcher knew that Shodan, a specialized search engine designed to scan for misconfigured devices, first indexed the exposed data on July 27, 2019, but he had no way of knowing whether anyone had managed to get to it before him. Omnichorus's ad shows that someone did.

Admittedly, this is one of the few confirmed instances where an unprotected database ends up spilling the information of millions of people on the underground market, and it must be said that in this particular case, the leaked data isn't that sensitive.

We do hope, however, that it will highlight the seriousness of the situation, because many seem to underestimate it. Misconfigured databases give people like Omnichorus the chance to make a lot of money with not a whole lot of effort, and they will try to take maximum advantage of this. It's up to the people who take care of our data to ensure that such traders stay well away from our details. This is something LimeLeads failed to do.

January 23, 2020