LimeLeads Data Breach (2019)

A hacker is currently selling a huge database of 49 million business contacts on a underground hacking forum, ZDNet has learned. The hacker claims the data belongs to LimeLeads, a San Francisco-based business-to-business (B2B) leads generator, which +makes its money by renting access to an internal database containing business contacts that can be used for pitches and sales. Following a tip from our readers, ZDNet was made aware two weeks ago that a threat actor going by the name of Omnichorus was selling LimeLeads' data online. Sources in the threat intelligence community have told ZDNet that Omnichorus is a well-known individual on underground hacking forums, having built a reputation for sharing and selling hacked or stolen data -- a so-called "data trader." Unsecured server to blame, not a cyber-attack While initially after receiving the tip we thought the company had suffered an intrusion into its systems following an intentional cyber-attack, we soon discovered that this was not the case. LimeLeads turned out to be just the latest in a long line of companies that failed to set up a password for an internal server, which allowed anyone on the internet to access the company's crucial customer data. Bob Diachenko, a security researcher who searches the internet for exposed databases and then notifies affected companies has confirmed to ZDNet that the company had exposed an internal Elasticsearch server. He told ZDNet that one of the company's servers had been indexed by search engine Shodan as an open system since at least July 27, 2019. Diachenko said he notified LimeLeads of the exposed server on September 16, last year, and the company secured the exposed system a day later.