Researchers have discovered a database containing about 49 million user information of Limeleads on the dark web. Limeleads is a business-to-business lead generator based in San Francisco. They provide access to over 6.1 million contact information of US professionals.
Unfortunately, hackers took advantage of a loophole in its server to obtain the user information of Limeleads being offered on the dark web for sale. The hacker was said to be called Omnichorus on the dark web hacking forums and has an extensive history of obtaining and selling stolen information to other criminals on the dark web.
ZDNet was said to have received information concerning the upload of millions of customers’ data on the anonymous market. An investigation revealed that they were obtained from Limeleads. Initially, it was thought that hackers had breached its system to access them. However, it turned out to be the failure of Limeleads to set a password for its internal server. This gave hackers access to the company’s network to obtain sensitive files of users. Many companies have become victims of leaked data after failing to observe basic cybersecurity guidelines which made hackers take advantage without launching any potent malware.
Image Source: www.utecit.com
The uploaded stolen user information of Limeleads were the full names, company names, titles, company addresses, cities, ZIPs, States, Website URLs, email addresses, companies’ total revenue, the estimated number of employees and phone numbers. The sale of user information of Limeleads on the dark web puts companies and individuals at risk of spear-phishing attacks in addition to possible identity theft.
Spear-phishing attack is a targeted malicious email sent to individuals and organizations convincing them to open a malicious attachment after proving their credibility with all these stolen information. Many companies have fallen for this type of phishing attack as they look more credible than the broadcasted ones.
According to Bob Diachenko, a security researcher, the user information of Limeleads was accessed after an error exposed an internal Elasticsearch server of the company. From the best of his knowledge, one of its servers was indexed by search engine Shodan since 27 July 2019, giving hackers access to the users’ records. Diachenko has over the years searched the internet for leaked databases and notified the companies in question. He informed Limeleads on the database exposed, and they made an effort to sort it out a day after. Unfortunately, the hacker had accessed a lot of user records already and started selling them since October 2019.
Image Source: www.zdnet.com
The expose of user information of Limeleads is one of the many incidents involving hackers taking advantage of minor mistakes made but companies in 2020. Hackers are constantly looking for weaknesses in security systems to strike, with most of them creating gateways with their ransomware through the weakest link of cybersecurity chain to force themselves into a company’s system. Many companies only make an effort to patch security flaws after they get hit. It is important for all companies and institutions that take care of a bunch of customer information to constantly check any possible weaknesses in their system to protect users from having their personal information being uploaded on the dark web.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.