49 Million User Records Leaked From US Data Broker LimeLeads – Experts Reactions

By   ISBuzz Team
Writer , Information Security Buzz | Jan 15, 2020 03:01 am PST

Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, being sold by a well-known individual on underground hacking forums named Omnichorus, who has build a reputation for sharing and selling hacked and stolen data.


Notify of
6 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Adam Laub
Adam Laub , CMO
January 16, 2020 4:35 pm

A missing password is a misconfiguration. It’s a mistake. Mistakes can be incredibly costly though and the truth is they’re quite easy to make when it comes to staying on top of the literally thousands of settings that can be so easily exploited and manipulated by threat actors.

This is exactly why proactive security measures like vulnerability assessment and desired state configuration are so important as part of a layered security program though.

Achieving the discipline to ensure even just the most critical configurations are set properly across every resource would drastically improve any organization’s security posture. The discipline is unfortunately the hardest part.

Last edited 4 years ago by Adam Laub
Elad Shapira
Elad Shapira , Head of Research
January 16, 2020 1:58 pm

It’s a new breach, but not a new story. Once again, we see how a lack of proper security controls can result in massive data exposure. In this case, LimeLeads neglected to set up a password for an internal server, which would have prevented 49 million user records from being lifted and sold online. Most concerning, however, is the impact that this breach has on the companies and contacts that were part of that stolen data, who can now be targeted for spear-phishing attacks.

The takeaway from this, as well as from the many similar data exposure incidents, is clear: organizations must assess and continuously monitor the security of their own data—as well as the data used by their business partners—and be vigilant about how sensitive information is stored.”

Last edited 4 years ago by Elad Shapira
Jonathan Deveaux
Jonathan Deveaux , Head of Enterprise Data Protection
January 16, 2020 1:56 pm

Ever wonder why you may be seeing more spam and phishing emails popping up in your work-domain email? Data breaches and exposure incidents like this could be the reason. It’s easy to assume that ‘data in the cloud’ and ‘ElasticSearch’ databases are the reason for the data breaches; both have been found in other large-scale data breaches reported in 2018 and 2019. However, cloud and databases are infrastructure technologies, and applying truly effective data security goes beyond the act of turning on infrastructure security.

In this particular case, not only did this company fail to set up access security for the internal server that contained this data, the company also failed to encrypt or tokenize the data itself. Encryption and tokenization are actually more important than access security, because the data would be protected in a way that makes the data meaningless and worthless to a hacker or bad actor. The encrypted or tokenized data could not be listed for sale on the dark web because the data would be undecipherable.

The takeaway should be – “If you collect it, protect it.” Sensitive data should *not* be accessible by everyone, and, sensitive data should *not* be stored in its clear-text format no matter if it is in your secured network, in the cloud, or in databases.

Last edited 4 years ago by Jonathan Deveaux
James Carder
James Carder , Chief Information Security Officer & Vice President
January 15, 2020 11:10 am

In today’s global, data-centric landscape, database leaks continue to increase in frequency and in significance. Massive leaks have yet to slow down in the past two years and individuals’ personal information continues to be compromised from recurring breaches as critical security measures, such as passwords, are still yet to be deployed.

It only takes one cybercriminal to cause drastic damage as we have seen with the LimeLeads incident, impacting over 49 million user records. Unfortunately, the database left exposed for a period of two weeks was long enough for a cybercriminal to access the sensitive data. In any case, when there is detection of a breach, rapid incident response can mean the difference between a damaging data breach and quick containment. There must be advanced security tools in place that automate common investigation tasks and streamline remediation and response in order to halt a breach immediately and in real-time.

Last edited 4 years ago by James Carder
Vinay Sridhara
January 15, 2020 11:07 am

Organizations continue to miss the most basic security measure of properly password protecting critical assets. These types of embarrassing incidents, the effect of misconfigurations and poor cyber hygiene, are at the root of several recent leaks such as the Wyze data breach which leaked 2.4 million users’ data just last month.

Unfortunately, even though LimeLeads took immediate action to secure the exposed internal server and mitigate damage within 24 hours of being notified, the Elasticsearch misconfiguration was exploitable since July 2019, possibly even longer. This is another case of an ounce of prevention being worth a pound of cure. The fast response might win them some empathy, but the direct and reputational costs of exposing 50 million records will have a massive impact on the future of LimeLeads\’ business.

Last edited 4 years ago by Vinay Sridhara

Recent Posts

Would love your thoughts, please comment.x