According to ZDNet, “a hacker is currently selling a huge database of 49 million business contacts on a[n] underground hacking forum.” (zdnet.com, 2020) All current reports state that the hacker retrieved the large quantity of data from a San-Francisco-based B2B lead generator, LimeLeads. LimeLeads “makes its money by renting access to an internal database containing business contacts that can be used for pitches and sales.” (zdnet.com, 2020) For this specific hack, a threat actor has come forward and has been taking credit for this hack. The hacker goes by the name Omnichorus. “Sources in the threat intelligence community have told ZDNet that Omnichorus is a well-known individual on underground hacking forums, having built a reputation for sharing and selling hacked or stolen data — a so-called “data trader.” (zdnet.com, 2020) While data-trading is not a real position, nor is it a legal job, it sheds light on the level of seriousness hackers put into the dirty work which they do. On the dark web, hackers even supply ratings and reviews on one another to help buyers distinguish which illegal seller is a more “reputable” source. While it may be a bizarre concept to wrap your mind around, it is a for sure warning sign of how much more serious businesses of all sizes and specialties must take their cybersecurity protections and have a second set of eyes in play at all times. The LimeLeads leak could have been avoided simply by having a password set up for their internal server. That’s it! An unsecured server was to blame for the hack according to reports from ZDNet. (zdnet.com, 2020) A security assessment by an outside provider, such as Hodgson Consulting & Solutions, could have noticed this lack of protection and saved this company from being the latest data breach victim.
How it Could Affect You
If you are a business owner or you work for a business, the LimeLeads leak could affect you. There are tons of companies that buy and sell contact lists and business records. So the chances of your business being on one of their lists have good odds. And seeing as most people don’t always use unique and secure passwords for all of their individual accounts, it usually only takes hackers a few keystrokes and a handful of variations of just ONE of your known passwords. From there, they can quickly go from hacking your business accounts to your personal accounts. Don’t become the victim of their keyboard algorithm’s guessing game. ALWAYS use unique passwords.
Hodgson Can Help
Sometimes hearing just how easily a huge cyber security breach could have been avoided, is enough to make you rethink the current protections (or lack thereof) that your company has in place. Here at Hodgson Consulting & Solutions, we specialize in securing data and information loss prevention for companies with multiple locations and/or a remote workforce. Contact us to receive a FREE Confidential Dark Web Scan and also learn more about our Managed Security Service Plans. Contact our office today at 847-906-5005.