New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Eight Million Users Exposed

An unsecured database with information of over eight million U.S. users was found by researchers. The information was found on an Elasticssearch database that exposed full names, addresses, email addresses, phone numbers, dates of birth, genders and IP addresses. The owner of the database, Ifficient, is an online marketing company that hosts online surveys, free product samples, and sweepstakes. This style of a company uses the information gathered from users to sell to other marketing companies. It does not appear that the information disclosed included SSN’s or financial information. Researchers were able to contact Ifficient, and they responded with this message: “We are grateful for any information pertaining to our data security, including the information shared here.  We take the privacy and security of all information within our possession very seriously.  Our investigation relating to this matter, and efforts to notify potentially affected individuals (if any), were undertaken immediately upon receiving the information here and are ongoing.  Thank you.” The owners of the database stated that they have since fixed the issue and encrypted the database. It is still unclear if any cybercriminal accessed and copied the information.

Analyst Notes

Websites such as these are constantly promising free merchandise and giveaways. They rarely ever fulfill their promises of free products. It is not recommended that users input their information into any of these sites. Users should always be aware of phishing campaigns that use the information harvested from these websites and unsecured databases.