Unsecured Database Exposed Data on Millions
vpnMentor: Server Belonging to OneMoreLead Is Now Secured
Researchers at vpnMentor say that B2B marketing company OneMoreLead exposed the data of up to 126 million Americans on a misconfigured Elasticsearch server.
In a newly released report, researchers at vpnMentor say they discovered the exposed database on April 16 and notified OneMoreLead on April 20, after which the vendor secured it.
"OneMoreLead was storing all this information on an unsecured database, which the company had left completely open," vpnMentor says in a new report. "As a result, the names, email addresses and workplace information were exposed to anyone with a web browser. Had malicious hackers discovered this database, it would have been a gold mine for various criminal activities, from financial fraud and identity theft, to large-scale phishing attacks targeting U.S. companies and government institutions."
The researchers say numerous email addresses belonging to U.S. government agencies and the New York Police Department were included in the exposed database.
OneMoreLead is a data broker service that offers dynamic data lists to use for sales and marketing.
The company did not immediately reply to a request for comment.
Noam Rotem, a vpnMentor researcher, says the exposed information potentially could have been used for financial fraud, identity theft or effective phishing campaigns.
"It was not just individuals that were put at risk but also their employers as the type of information leaked meant there was a strong chance of business email compromise risk," Rotem says. "Simultaneously, some government email addresses were found in the database. This can also be a gold mine for criminal hackers who could use this data to infiltrate otherwise secure, high-level government agencies, resulting in major national security breaches."
About 34 gigabytes of data belonging to between 63 million and 126 million people in the U.S. were uploaded to a misconfigured Elasticsearch server on April 10, vpnMentor reports. The database was discoverable via the Shodan search engine.
Elasticsearch is a popular, open-source search engine and analytics platform used for large stores of data. Like Amazon S3 buckets, MongoDB and other cloud-based databases, Elasticsearch does not expose data to the internet by default. But many administrators appear to have disabled its built-in security controls (see: Cloud Security: 'Big Data' Leak Prevention Essentials).
Ran Locar, another investigator and vpnMentor researcher, says exposure of data on unsecured databases is becoming more common.
“Any leak like this could be easily avoided with some basic security measures, including securing servers, implementing proper access rules and never leaving a system that doesn’t require authentication open to the internet,” Locar notes.
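The misconfiguration described above (an Elasticsearch node reachable beyond the local host with its security controls switched off) can be caught by auditing `elasticsearch.yml` before deployment. The following is an added example, not code from vpnMentor's report or from OneMoreLead; the setting names are Elasticsearch's own, while the function names, the sample configurations (constructed) and the policy of flagging a missing `xpack.security.enabled` are assumptions of this example.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "_local_"}

def parse_flat_yaml(text):
    """Parse the flat `key: value` form of elasticsearch.yml (no nesting)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostname or _site_/_global_: assume reachable by others

def audit(text):
    """Return a list of findings for one elasticsearch.yml."""
    s = parse_flat_yaml(text)
    # http.host falls back to network.host; with neither set the node binds to loopback.
    bind = s.get("http.host", s.get("network.host", "_local_"))
    hosts = [h.strip().strip("\"'") for h in bind.strip("[]").split(",") if h.strip()]
    exposed = [h for h in hosts if not is_loopback(h)]
    if not exposed:
        return []
    findings = []
    # Assumed policy: security must be switched on explicitly for any non-loopback bind.
    if s.get("xpack.security.enabled", "").lower() != "true":
        findings.append(f"REST API bound to {exposed} without xpack.security.enabled: true")
    if s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append(f"REST API bound to {exposed} without TLS on the HTTP layer")
    return findings

# Constructed sample configurations: the weak setting beside the corrected one.
WEAK = "cluster.name: leads\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = ("network.host: [_local_, 10.0.0.5]\n"
            "xpack.security.enabled: true\n"
            "xpack.security.http.ssl.enabled: true\n")
```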
Already Exposed Data?
During the investigation, researchers noticed that the exposed data appeared similar to data leaked by German B2B marketing company Leadhunter in 2020. "Leadhunter denied responsibility for the leak at the time, and researchers couldn’t confirm a link," the researchers say.
"Based on our research, and the similarities between the two companies and data breaches, we suspect that both of the companies sourced their data from the same entity - possibly another business that sells leads to marketing companies. But since it's been over a year, OneMoreLead added more leads and removed some existing ones which would explain the differences between both databases," the researchers note.