49 Million User Records Leaked From US Data Broker LimeLeads – Experts Reactions

Data from an exposed LimeLeads Elasticsearch server has ended up on a hacking forum, where it is being sold by Omnichorus, an individual well known on underground hacking forums who has built a reputation for sharing and selling hacked and stolen data.


EXPERTS COMMENTS
Adam Laub, CMO, STEALTHbits Technologies
January 16, 2020
proactive security measures like vulnerability assessment and desired state configuration are so important as part of a layered security program
A missing password is a misconfiguration. It’s a mistake. Mistakes can be incredibly costly though and the truth is they’re quite easy to make when it comes to staying on top of the literally thousands of settings that can be so easily exploited and manipulated by threat actors. This is exactly why proactive security measures like vulnerability assessment and desired state configuration are ....
Elad Shapira, Head of Research, Panorays
January 16, 2020
Most concerning, however, is the impact that this breach has on the companies and contacts.
It’s a new breach, but not a new story. Once again, we see how a lack of proper security controls can result in massive data exposure. In this case, LimeLeads neglected to set up a password for an internal server, which would have prevented 49 million user records from being lifted and sold online. Most concerning, however, is the impact that this breach has on the companies and contacts that we ....
Jonathan Deveaux, Head of Enterprise Data Protection, comforte AG
January 16, 2020
The takeaway should be – “If you collect it, protect it.”
Ever wonder why you may be seeing more spam and phishing emails popping up in your work-domain email? Data breaches and exposure incidents like this could be the reason. It’s easy to assume that ‘data in the cloud’ and ‘ElasticSearch’ databases are the reason for the data breaches; both have been found in other large-scale data breaches reported in 2018 and 2019. However, cloud and da ....
James Carder, Chief Information Security Officer & Vice President, LogRhythm Labs
January 15, 2020
It only takes one cybercriminal to cause drastic damage as we have seen with the LimeLeads incident.
In today’s global, data-centric landscape, database leaks continue to increase in frequency and in significance. Massive leaks have yet to slow down in the past two years and individuals’ personal information continues to be compromised from recurring breaches as critical security measures, such as passwords, are still yet to be deployed. It only takes one cybercriminal to cause drastic dama ....
Vinay Sridhara, CTO, Balbix
January 15, 2020
The fast response might win them some empathy.
Organizations continue to miss the most basic security measure of properly password protecting critical assets. These types of embarrassing incidents, the effect of misconfigurations and poor cyber hygiene, are at the root of several recent leaks such as the Wyze data breach which leaked 2.4 million users’ data just last month. Unfortunately, even though LimeLeads took immediate action to secu ....
Ilia Kolochenko, Founder and CEO, ImmuniWeb
January 15, 2020
Few important data leaks eventually end up in public marketplaces or web forums.
There are many similar leaks going on every week. The data is not high value given that it can merely be leveraged to improve targeting in phishing campaigns. The number of exposed accounts is, nonetheless, quite significant and malicious actors could leverage the volume to exploit, for example, a recent 0day in Firefox browser, or just-announced security vulnerability in Windows (assuming it is a ....