Unsecured cloud database leaked personal information of over 100m US citizens

Leaks such as these are easily avoidable, suggest researchers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

An upcoming B2B sales and marketing company leaked personally identifiable information (PII) of up to 126 million US citizens, according tocybersecurityresearchers.

Researchers atvpnMentordiscovered an unsecured database onAmazon’scloud computingplatformAWS, which they traced back to the US-based marketing company OneMoreLead.

vpnMentor argues that the information in the database, which included email addresses, home address, and phone numbers, and more could easily have been used to perpetrateidentity theft, financial fraud, or be used to devise effectivephishingcampaigns.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

Furthermore, the database also contained job titles, name of the employer, and work contact details of the individuals, which vpnMentor believes could be used to conduct business email compromise scams.

Mysterious origins

While OneMoreLead were quick to protect the database once alerted, vpnMentor has also raised questions about the origins of the data.

According to vpnMentor’s report, OneMoreLead claims to have over 40 million clients, although it doesn’t list them on its website. Furthermore, vpnMentor says the company started in 2020 and it’s “unlikely they collected data from 126 million people since opening in 2020.”

Interestingly, vpnMentor says that the exposed data bears an uncanny resemblance to a leak originally linked to German B2B marketing company Leadhunter in 2020, who, back then, had denied ownership of the leaked data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In any case, the researchers suggest that such leaks from unprotected databases are becoming more common.

“However, any leak like this could be easily avoided with some basic security measures taken including securingservers, implementing proper access rules, and never leaving a system that doesn’t require authentication open to the internet,” suggest vpnMentor researchers, Noam Rotem and Ran Locar.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well