Unsecured LimeLeads internal sever allows hackers to acquire company data
Exploit: Unsecured database
LimeLeads: B2B lead generation service
Risk to Small Business: 2 = Severe: LimeLeads failed to secure an internal server, allowing a prominent threat actor to acquire and subsequently sell the company’s data on the Dark Web. The data breach could have significant implications for the company, whose business model centers around brokering company data for marketing initiatives. Security researchers found that the database was publicly exposed since at least July 27, 2019, meaning that the company had ample time to secure the database before bad actors became involved. Now they must grapple with crippling losses, including the less quantifiable brand erosion that accompanies a data breach.
Individual Risk: 2.428 = Severe: Company data has been for sale since October 2019, spanning across personally identifiable information such as their names, titles, email addresses, employer/company names, addresses, phone numbers, and even total revenue numbers. This information can be strategically deployed in spear phishing attacks, so those impacted by the breach should be especially critical of online communications while also closely monitoring their accounts for suspicious or unusual information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
