Connect with us

Hi, what are you looking for?

Tech & Science

Millions of user records from LimeLeads put up for sale online (Includes interview)

According to ZDNet, a hacker is currently selling a huge database of millions business contacts on a underground hacking forum, relating to LimeLeads. The records are being sold in an underground hacking forum by a well-known threat actor under the name Ominichorus. The data contains the following user details: full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.

It appears that the affected company is the latest in a growing list of companies that failed to set up a password for an internal server. the consequence of this is with allowing anyone on the Internet to access the company’s important customer data.

Providing analysis about the data breach for Digital Journal, Anurag Kahol, CTO, Bitglass says: “Week after week, we witness companies leaving sensitive data vulnerable in the cloud due to simple mistakes and misconfigurations. In this particular case, a failure to password protect an internal server led to over 49 million user records being made available for sale on the dark web – exposed data included full names, emails, phone numbers, and other personally identifiable information.”

In terms of the consequences, he adds: “Those affected by this breach are now vulnerable to fraud and phishing attacks for the foreseeable future.”

In terms of how these types of things happen, Kahol states: “Unfortunately, cybercriminals can leverage tools that detect abusable misconfigurations within IT assets like Elasticsearch databases, making it easier and easier to find and exploit vulnerabilities.”

Kahol also outlines the basis of a preventative strategy for companies with a significant online presence: “If organizations are to prevent these kinds of breaches, they must have full visibility and control over their data and their IT systems. To do so, they should look for security solutions that remediate misconfigurations, enforce real-time access control, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent the leakage of sensitive information.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

The Marine Climate Change Impacts estimated that 28 percent of the coastline in England and Wales was retreating by at least 10 cm.

World

US Republican presidential candidate Donald Trump said Friday he had spoken by telephone with Ukraine leader Volodymyr Zelensky.

World

The unions, which represent some 14,000 Disneyland Resort employees, have been in negotiations with Disney over wage increases since April. 

Business

While trains are often promoted as a green mode of transport, there are growing concerns about their actual environmental impact.