"Over 60 Million Americans Exposed Through Misconfigured Database"
Security researchers at vpnMentor have discovered an Elasticsearch database that was completely unsecured and exposed to the public internet, containing the personal details of at least 63 million Americans. The researchers were able to trace the trove back to OneMoreLead, a B2B sales and marketing company that claims on its unfinished website to have a database of “40+ million 100% verified B2B prospects to search from.”

The database itself contained around 126 million records. The researchers stated that, depending on the number of duplicates, the number of affected individuals could be anywhere between 63 million and 126 million. Personally identifiable information (PII) in the database included full names, job titles, personal email and home addresses, work email and office addresses, personal and work phone numbers, home IP addresses, and employer names. The researchers also found that many of the emails had .gov suffixes or indicated that the individual worked for the New York Police Department. The researchers stated that private data from members of the government and police is a goldmine for criminal hackers.

There are also question marks over where the information came from. The researchers stated that the company is new, with no known clients and an unfinished website, which makes it unlikely that it collected data from 126 million people since opening in 2020, unless the people behind OneMoreLead were previously working on a similar business. The researchers also stated that the exposed data bears an uncanny resemblance to a leak originally connected to German B2B marketing company Leadhunter in 2020. Leadhunter denied responsibility for the leak at the time, and researchers couldn’t confirm a link.

The researchers informed OneMoreLead, and the company apparently secured the database the day after it was informed.
Infosecurity reports: "Over 60 Million Americans Exposed Through Misconfigured Database"