vpnMentor report discovers 63 million users information in data leak


vpnMentor released a report today that shows a data leak that exposed 63 million American citizens. The data leak comes from the lead-generating B2B company OneMoreLead. According to vpnMentor, OneMoreLead stored its user data in an unsecured database that was left wide open. This resulted in names, email addresses, and workplace information being accessible to everyone on the internet.

Estimated reading time: 3 minutes

Thankfully, it doesn’t appear that hackers or bad actors actually found the unsecured database but had they, it could have been a huge problem for millions of users. Here’s a summary of this data leak discovery provided by vpnMentor:

IndustryB2B Sales and Marketing SAAS
Size of data in gigabytes34 GB
Suspected no. of records126 million
No. of people exposed63-126 million (depending on duplicates)
Date range/timelineThe data was uploaded on 10th April 2021. The date of its origin before this is unknown.
Geographical scopeUSA
Types of data exposedPII data
Potential impactFraud; identity theft; phishing
Data storage formatElasticSearch

vpnMentor discovered the data leak on April 16th, 2021, and contacted OneMoreLead to inform them of the leak on April 20th, 2021. OneMoreLead contacted Amazon Web Services (AWS), apparently their host, on April 20th, 2021, and took action to close the leak on April 21st, 2021. Here’s what vpnMentor had to say in their official press release.

Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Furthermore, some affected parties deny the facts, disregarding our research or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.

In this case, vpnMentor’s cybersecurity team discovered the database during a routine research project. We quickly identified OneMoreLead as the database’s owner. However, the origins of the data, or how it ended up in OneMoreLeads’ hands, remain unknown.

The company is new, with no known clients and an unfinished website. So, it’s unlikely they collected data from 126 million people since opening in 2020 – unless the people behind OneMoreLead were working on a similar business previously.

Furthermore, the exposed data bears an uncanny resemblance to a leak originally connected to the German B2B marketing company Leadhunter in 2020. (Leadhunter denied responsibility for the leak at the time, and researchers couldn’t confirm a link.)


What do you think of this data leak? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.

vpnMentor did not buy us coffee...maybe you can

The Samsung Galaxy Tab S7 FE is now available in the United States

In an already splintered society, would a “metaverse” make things even worse?


Latest Articles

Share via
Copy link
Powered by Social Snap