vpnMentor released a report today that shows a data leak that exposed 63 million American citizens. The data leak comes from the lead-generating B2B company OneMoreLead. According to vpnMentor, OneMoreLead stored its user data in an unsecured database that was left wide open. This resulted in names, email addresses, and workplace information being accessible to everyone on the internet.
Estimated reading time: 3 minutes
Thankfully, it doesn’t appear that hackers or bad actors actually found the unsecured database but had they, it could have been a huge problem for millions of users. Here’s a summary of this data leak discovery provided by vpnMentor:
| Company | OneMoreLead |
| Industry | B2B Sales and Marketing SAAS |
| Size of data in gigabytes | 34 GB |
| Suspected no. of records | 126 million |
| No. of people exposed | 63-126 million (depending on duplicates) |
| Date range/timeline | The data was uploaded on 10th April 2021. The date of its origin before this is unknown. |
| Geographical scope | USA |
| Types of data exposed | PII data |
| Potential impact | Fraud; identity theft; phishing |
| Data storage format | ElasticSearch |
vpnMentor discovered the data leak on April 16th, 2021, and contacted OneMoreLead to inform them of the leak on April 20th, 2021. OneMoreLead contacted Amazon Web Services (AWS), apparently their host, on April 20th, 2021, and took action to close the leak on April 21st, 2021. Here’s what vpnMentor had to say in their official press release.
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Furthermore, some affected parties deny the facts, disregarding our research or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, vpnMentor’s cybersecurity team discovered the database during a routine research project. We quickly identified OneMoreLead as the database’s owner. However, the origins of the data, or how it ended up in OneMoreLeads’ hands, remain unknown.
The company is new, with no known clients and an unfinished website. So, it’s unlikely they collected data from 126 million people since opening in 2020 – unless the people behind OneMoreLead were working on a similar business previously.
Furthermore, the exposed data bears an uncanny resemblance to a leak originally connected to the German B2B marketing company Leadhunter in 2020. (Leadhunter denied responsibility for the leak at the time, and researchers couldn’t confirm a link.)
vpnMentor
What do you think of this data leak? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.
