OneMoreLead, a business-to-business marketing company, has been found to have exposed the records of more than 63 million US citizens. The exposure occurred as a result of a misconfigured database. The data was on an unsecured database the company left open.
The discoverers, Ran Locar and Noam Rote, are researchers at vpnMentor and found a database with 126 million records, including employer names, IP addresses, phone numbers, physical addresses, email addresses, work titles, and full names.
Some of the records include private data of police employees and the government.
In the wrong hands…
Data of this nature is valuable to hackers and foreign governments. Cyberwarfare is essentially the new frontier of warfare. These scenarios are only going to increase and get worse. Just a few weeks ago, President Joe Biden warned that if the US got into a war in the future, it would probably be over a devastating cybersecurity incident.
The researchers noted that criminals could use the information for fraud against all the exposed identities.
The information can also be used to create effective phishing attacks where a person could pretend to be an employer, the government, or another trusted entity.
Questions surround the origins of this company. It is relatively new, according to initial reports, and has no known clients. Checking out the name on Who.is reveals that the company had a domain name registered in 2016.
However, there is no company named OneMoreLead registered in the US Securities and Exchange Commission company database.
The amount of data the company had is unprecedented, given how new it is. Organizations have the responsibility to protect the data they collect from cybercriminals. When they unwittingly, or through incompetence, leave the door open, one has to wonder, will cybersecurity triumph.