It has been reported that over 198 million records containing information on prospective car buyers, including loan and finance data, vehicle information and IP addresses for website visitors, has been found exposed on the internet for anyone to see. The non-password protected Elasticsearch database belonged to Dealer Leads, which is a company that gathers information on prospective buyers via a network of SEO-optimised, targeted websites.
According to the researcher, the websites all provide car-buying research information and classified ads for visitors. They collect this info and send it on to franchise and independent car dealerships to be used as sales leads. The exposed database in total contained 413GB of data. The information included records with names, email addresses, phone numbers, physical addresses, IP addresses and other sensitive or identifiable information exposed to the public internet in plain text.